LinuxQuestions.org
Old 06-24-2008, 11:42 PM   #1
santanu.santanu
LQ Newbie
 
Registered: Jun 2008
Location: Kolkata
Posts: 14

Rep: Reputation: 0
Internet based mail sites block


Hi,
I want to block all internet based mail sites.
It's difficult to put all the sites in a Squid ACL. I even tried with iptables, by blocking the SMTP/POP/IMAP ports, but it was not solved. Please help.
 
Old 06-24-2008, 11:51 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Sounds like a job for DansGuardian.
 
Old 06-25-2008, 12:41 AM   #3
tajamari
Member
 
Registered: Jul 2007
Distribution: Red Hat CentOS Ubuntu FreeBSD OpenSuSe
Posts: 252

Rep: Reputation: 32
Quote:
Originally Posted by santanu.santanu
Hi,
I want to block all internet based mail sites.
It's difficult to put all the sites in a Squid ACL. I even tried with iptables, by blocking the SMTP/POP/IMAP ports, but it was not solved. Please help.

Try to put them in /etc/mail/access, then reject all the domains you want to be blocked, if you're using sendmail.
 
Old 06-25-2008, 01:11 AM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by tajamari
Try to put them in /etc/mail/access, then reject all the domains you want to be blocked, if you're using sendmail.

I think either you or I have misunderstood the question. Being that he mentions Squid, I would think it's implied that he's talking about Web surfing, not mail serving. Filtering surfers' access to Web-based email sites seems like a pretty common policy in certain organizations, and I figured that's what he was trying to do. Hopefully he'll post back and clarify.

Last edited by win32sux; 06-25-2008 at 01:20 AM.
 
Old 06-25-2008, 04:41 AM   #5
santanu.santanu
LQ Newbie
 
Registered: Jun 2008
Location: Kolkata
Posts: 14

Original Poster
Rep: Reputation: 0
Actually, how is it possible to block all internet based mail [like Gmail, Yahoo Mail etc.]? It's not that I want to put these types of mail sites' names in a Squid ACL, because there are many mail sites that we can use as free internet based mail sites, and most of those are unknown to us. There are also many unknown sites from which we can bypass the block and access Gmail-like mail sites, even though Gmail is already blocked in the ACL.
I have tried with iptables and a Squid ACL to block the POP/IMAP/SMTP related ports, but it did not work. And if I deny all sites and then allow particular sites, it's also time-consuming, because for that purpose I have to put in all possible links.
Please help me...
 
Old 06-25-2008, 01:51 PM   #6
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by santanu.santanu
Actually, how is it possible to block all internet based mail [like Gmail, Yahoo Mail etc.]? It's not that I want to put these types of mail sites' names in a Squid ACL, because there are many mail sites that we can use as free internet based mail sites, and most of those are unknown to us. There are also many unknown sites from which we can bypass the block and access Gmail-like mail sites, even though Gmail is already blocked in the ACL.
I have tried with iptables and a Squid ACL to block the POP/IMAP/SMTP related ports, but it did not work. And if I deny all sites and then allow particular sites, it's also time-consuming, because for that purpose I have to put in all possible links.
Please help me...

Look at the second post in this thread; it suggests a program which is specially designed for this sort of thing.
 
Old 06-25-2008, 11:28 PM   #7
tajamari
Member
 
Registered: Jul 2007
Distribution: Red Hat CentOS Ubuntu FreeBSD OpenSuSe
Posts: 252

Rep: Reputation: 32
Quote:
Originally Posted by win32sux
I think either you or I have misunderstood the question. Being that he mentions Squid, I would think it's implied that he's talking about Web surfing, not mail serving. Filtering surfers' access to Web-based email sites seems like a pretty common policy in certain organizations, and I figured that's what he was trying to do. Hopefully he'll post back and clarify.

Maybe you're right, win32sux. I was thinking that he wants to block all incoming mail from web-based email such as Yahoo, Gmail etc., so he doesn't need to do it via proxy. Anyway, let's just wait and see.
 
Old 06-26-2008, 01:07 AM   #8
santanu.santanu
LQ Newbie
 
Registered: Jun 2008
Location: Kolkata
Posts: 14

Original Poster
Rep: Reputation: 0
Yes, you are right. I want to block "all incoming and outgoing mail from web-based email such as Yahoo, Gmail etc.". But there are so many mail sites of this kind. It's not so easy to put all the mail sites' names in a Squid ACL. What is the alternative? I even tried with iptables to block the IMAP/POP/SMTP ports.
 
Old 06-26-2008, 01:15 AM   #9
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 63
It will not be possible for you to enumerate and blacklist all web-based mail sites. This is a fool's errand. Webmail sites are HTTP or HTTPS web sites, and the mail processing occurs on the remote server; you're simply not going to know which websites host webmail, form-based mail, or other email-like interfaces.
 
Old 06-26-2008, 04:27 AM   #10
santanu.santanu
LQ Newbie
 
Registered: Jun 2008
Location: Kolkata
Posts: 14

Original Poster
Rep: Reputation: 0
OK... Then I have to put the mail sites in the ACL manually, so that it would be a prevention of misuse of mail about confidential data.
 
Old 06-26-2008, 10:19 AM   #11
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by tajamari
Maybe you're right, win32sux. I was thinking that he wants to block all incoming mail from web-based email such as Yahoo, Gmail etc., so he doesn't need to do it via proxy. Anyway, let's just wait and see.

It now sounds like we were both right and he wishes to do both.

Quote:
Originally Posted by santanu.santanu
OK... Then I have to put the mail sites in the ACL manually, so that it would be a prevention of misuse of mail about confidential data.

DansGuardian will let you take care of denying access to Web-based email sites, without having to write blacklists. It can detect when a site is a Web-mail provider by looking at the content of the page. This should be used in addition to regular expression matching, and maybe even some blacklisting if needed (doing this with blacklisting only would be insane if not impossible).

As for filtering inbound mail from Web-based providers, I second tajamari's suggestion.
 
Old 07-02-2008, 12:40 AM   #12
tajamari
Member
 
Registered: Jul 2007
Distribution: Red Hat CentOS Ubuntu FreeBSD OpenSuSe
Posts: 252

Rep: Reputation: 32
Quote:
Originally Posted by win32sux
It now sounds like we were both right and he wishes to do both.

DansGuardian will let you take care of denying access to Web-based email sites, without having to write blacklists. It can detect when a site is a Web-mail provider by looking at the content of the page. This should be used in addition to regular expression matching, and maybe even some blacklisting if needed (doing this with blacklisting only would be insane if not impossible).

As for filtering inbound mail from Web-based providers, I second tajamari's suggestion.

Let Superman do the autoblocking of all web-based emails. There's a lot, try figuring it now..
 
Old 07-02-2008, 02:09 AM   #13
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Quote:
Originally Posted by santanu.santanu
OK... Then I have to put the mail sites in the ACL manually, so that it would be a prevention of misuse of mail about confidential data.

You know there are very robust commercial applications designed to do just this, right? Trying to use off-the-shelf tools to comply with government regulations, at least in the USA, is nearly futile. I have yet to see anything OSS that comes close to being able to adequately filter outbound e-mail traffic.

Edit: You can block webmail sites easily enough on your proxy, but that's only half the problem. You still need to look at the e-mail going out through your "approved" e-mail server to see if that contains any sensitive information.

Last edited by chort; 07-02-2008 at 02:10 AM.
 
Old 07-02-2008, 02:15 AM   #14
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 63
I'm curious how these programs examine SSL-encrypted sessions to detect the content as being "web mail".
 
Old 07-02-2008, 03:57 AM   #15
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by Mr. C.
I'm curious how these programs examine SSL-encrypted sessions to detect the content as being "web mail".

To do actual content filtering for HTTPS sites, one would need to act as a man-in-the-middle by issuing one's own cert and having the clients approve it - thereby giving one the ability to analyse the non-encrypted content before sending it to the client. If that makes you as nauseous as it does me, then perhaps using regular expression matches on the URLs will suffice. I mean, it's not like you're ever gonna filter 100% of Web-based mail sites anyway - regardless of what method you use.
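
The layering described in posts #11 and #15 (URL regular expressions plus page-content inspection, and the loss of content visibility for HTTPS when the proxy does not intercept TLS), as an added example that is not part of the thread and is not DansGuardian's or Squid's code. The patterns, phrase weights, `LIMIT`, the function names and the sample requests are all constructed for illustration.

```python
import re

# Constructed patterns, phrases and weights for illustration only; they are
# not taken from DansGuardian's or Squid's shipped lists.
HOST_RE = re.compile(r"(^|\.)(web)?mail\d*\.", re.I)
PATH_RE = re.compile(r"/(webmail|roundcube|squirrelmail|owa)(/|$)", re.I)
PHRASES = {"inbox": 30, "sent mail": 30, "compose": 20, "drafts": 20, "log in": 5}
LIMIT = 60  # deny once the summed phrase weight reaches this score

def content_score(body):
    """Sum the weight of every listed phrase that occurs in the page text."""
    text = body.lower()
    return sum(weight for phrase, weight in PHRASES.items() if phrase in text)

def decide(method, target, body=None):
    """Return (verdict, reason) for one request as a forward proxy sees it."""
    if method == "CONNECT":
        # HTTPS via a proxy: only "host:port" is visible, never path or body,
        # unless the proxy intercepts TLS with its own certificate.
        host = target.rsplit(":", 1)[0]
        if HOST_RE.search(host):
            return ("deny", "host-regex")
        return ("allow", "opaque-tunnel")
    m = re.match(r"http://([^/:]+)(?::\d+)?(/.*)?$", target, re.I)
    if not m:
        return ("deny", "unparseable-url")
    host, path = m.group(1), m.group(2) or "/"
    if HOST_RE.search(host):
        return ("deny", "host-regex")
    if PATH_RE.search(path):
        return ("deny", "path-regex")
    if body is not None and content_score(body) >= LIMIT:
        return ("deny", "content-score")
    return ("allow", "no-match")

# Constructed sample requests: (method, target, page text or None).
SAMPLES = [
    ("GET", "http://webmail.example.net/", None),
    ("GET", "http://intranet.example.org/roundcube/", None),
    ("GET", "http://portal.example.com/app", "Inbox (3) Compose Drafts Sent Mail"),
    ("GET", "http://news.example.com/", "Log in to comment"),
    ("CONNECT", "portal.example.com:443", None),
    ("CONNECT", "mail.example.com:443", None),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        print(method, target, *decide(method, target, body))
```

The same constructed site, `portal.example.com`, is denied by content score over plain HTTP but passes as an opaque tunnel over HTTPS, which is the gap raised in post #14.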