Hi,
I want to block all internet-based mail sites.
It's difficult to put all the sites in a Squid ACL. I even tried with IPTABLES by blocking the SMTP/POP/IMAP ports, but that did not solve it. Please help.
Quote:
Originally Posted by santanu.santanu
Hi,
I want to block all internet-based mail sites.
It's difficult to put all the sites in a Squid ACL. I even tried with IPTABLES by blocking the SMTP/POP/IMAP ports, but that did not solve it. Please help.
Try putting them in /etc/mail/access, then reject all the domains you want blocked, if you're using sendmail.
I think either you or I have misunderstood the question. Being that he mentions Squid, I would think it's implied that he's talking about Web surfing, not mail serving. Filtering surfers' access to Web-based email sites seems like a pretty common policy in certain organizations, and I figured that's what he was trying to do. Hopefully he'll post back and clarify.
Actually, the question is how it is possible to block all internet-based mail [like Gmail, Yahoo Mail, etc.]. It's not that I want to put the names of these types of mail sites in a Squid ACL, because there are many sites that can be used as free internet-based mail sites, and most of those are unknown to us. There are also many unknown sites through which one can bypass the block and access Gmail-like mail sites, even though Gmail is already blocked in the ACL.
I have tried to block the POP/IMAP/SMTP-related ports with IPTABLES and a Squid ACL, but it did not work. And if I deny all sites and then allow particular sites, that is also time-consuming, because for that purpose I have to put in all possible links.
Please help me...
Look at the second post in this thread, it suggests a program which is specially designed for this sort of thing.
Quote:
Originally Posted by win32sux
I think either you or I have misunderstood the question. Being that he mentions Squid, I would think it's implied that he's talking about Web surfing, not mail serving. Filtering surfers' access to Web-based email sites seems like a pretty common policy in certain organizations, and I figured that's what he was trying to do. Hopefully he'll post back and clarify.
Maybe you're right, win32sux. I was thinking that he wants to block all incoming mail from web-based email such as Yahoo, Gmail, etc., so he doesn't need to do it via proxy. Anyway, let's just wait and see.
Yes, you are right. I want to block "all incoming and outgoing mails from web-based emails such as yahoo gmail etc..". But there are so many such mail sites. It's not so easy to put all the mail site names in a Squid ACL. What is the alternative? I even tried with IPTABLES to block the IMAP/POP/SMTP ports.
It will not be possible for you to enumerate and blacklist all web-based mail sites. This is a fool's errand. Webmail sites are HTTP or HTTPS web sites, and the mail processing occurs on the remote server; you're simply not going to know which websites host webmail, form-based mail, or other email-like interfaces.
It now sounds like we were both right and he wishes to do both.
Quote:
Originally Posted by santanu.santanu
OK... Then I have to manually put the mail sites in the ACL, so that it would prevent misuse of mail for confidential data.
DansGuardian will let you take care of denying access to Web-based email sites, without having to write blacklists. It can detect when a site is a Web-mail provider by looking at the content of the page. This should be used in addition to regular expression matching, and maybe even some blacklisting if needed (doing this with blacklisting only would be insane if not impossible).
As for filtering inbound mail from Web-based providers, I second tajamari's suggestion.
Quote:
Originally Posted by win32sux
It now sounds like we were both right and he wishes to do both.
DansGuardian will let you take care of denying access to Web-based email sites, without having to write blacklists. It can detect when a site is a Web-mail provider by looking at the content of the page. This should be used in addition to regular expression matching, and maybe even some blacklisting if needed (doing this with blacklisting only would be insane if not impossible).
As for filtering inbound mail from Web-based providers, I second tajamari's suggestion.
Let superman do the autoblocking of all web-based emails. There's a lot; try figuring it out now..
Quote:
Originally Posted by santanu.santanu
OK... Then I have to manually put the mail sites in the ACL, so that it would prevent misuse of mail for confidential data.
You know there are very robust commercial applications designed to do just this, right? Trying to use off-the-shelf tools to comply with government regulations, at least in the USA, is nearly futile. I have yet to see anything OSS that comes close to being able to adequately filter outbound e-mail traffic.
Edit: You can block webmail sites easily enough on your proxy, but that's only half the problem. You still need to look at the e-mail going out through your "approved" e-mail server to see if that contains any sensitive information.
I'm curious how these programs examine SSL-encrypted sessions to detect the content as being "web mail".
To do actual content filtering for HTTPS sites, one would need to act as a man-in-the-middle by issuing one's own cert and having the clients approve it - thereby giving one the ability to analyse the non-encrypted content before sending it to the client. If that makes you as nauseous as it does me, then perhaps using regular expression matches on the URLs will suffice. I mean, it's not like you're ever gonna filter 100% of Web-based mail sites anyway - regardless of what method you use.
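The following is an added example, not code from any poster in this thread. It shows what a URL regular expression can and cannot match on a proxy that does not intercept TLS: for HTTPS the proxy only sees `CONNECT host:port`, so path-based patterns never fire. The two patterns and the sample request lines are constructed for illustration and are not a usable webmail list.

```python
import re

# Hypothetical patterns (assumptions for this example only).
HOST_RE = re.compile(r"(^|\.)(web)?mail\d*\.", re.I)   # mail.example.com, webmail2.example.org
PATH_RE = re.compile(r"/(webmail|squirrelmail|roundcube)(/|$)", re.I)

def visible_parts(request_line):
    """Return (host, path) as a non-intercepting forward proxy sees them.

    Plain HTTP arrives as an absolute URL, so host and path are both visible.
    HTTPS arrives as 'CONNECT host:port'; the path is inside TLS, so it is None.
    """
    method, target, _version = request_line.split()
    if method.upper() == "CONNECT":
        return target.rsplit(":", 1)[0].lower(), None
    m = re.match(r"https?://([^/:]+)(?::\d+)?(/[^?#]*)?", target, re.I)
    if not m:
        raise ValueError("not a proxy-form request: %r" % request_line)
    return m.group(1).lower(), m.group(2) or "/"

def is_webmail(request_line):
    """True if the hostname, or the path when visible, matches a pattern."""
    host, path = visible_parts(request_line)
    if HOST_RE.search(host):
        return True
    return path is not None and PATH_RE.search(path) is not None

# Constructed sample request lines, as a client would send them to the proxy.
SAMPLES = [
    "GET http://mail.example.com/inbox HTTP/1.1",           # host match
    "GET http://portal.example.org/webmail/login HTTP/1.1", # path match
    "CONNECT mail.example.com:443 HTTP/1.1",                # host match over HTTPS
    "CONNECT portal.example.org:443 HTTP/1.1",              # same site, path hidden: missed
    "GET http://www.example.net/news HTTP/1.1",             # unrelated site
]

def classify(lines):
    """Map each request line to 'deny' or 'allow'."""
    return [(line, "deny" if is_webmail(line) else "allow") for line in lines]

if __name__ == "__main__":
    for line, verdict in classify(SAMPLES):
        print(verdict, line)
```

The fourth sample is the case the last post describes: the site is caught over plain HTTP by its path, but over HTTPS only the hostname is available to match.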