[Esa-l][OT] Attachment blocking

Karl.Dunn at vmic.com
Tue Jul 24 12:30:59 PDT 2001


I think the webmail services are mostly https (port 443), no?  If that's
right, maybe you can just block https at a firewall and be done.

We considered blocking https to prevent attachments from coming in through
places like safeweb via https, which bypasses not only the procmail
filters, but the NAV services running on our internal Exchange server.

We haven't done it, because we do enough e-business through https that we
can't block it all.  We would have to amass a list of sites that are
allowable, so we can block all but those.  We could do this with our TIS
FWTK based firewall.  If we had a NATD based firewall, we could still do
it with packet filtering rules, although it would be a lot messier.

We are a small house, so educating users about not downloading stuff
willy-nilly via http/https has been OK so far.

Karl Dunn     (KLD13)
VMIC
12090 South Memorial Parkway
Huntsville AL USA 35803
VOICE: (256) 382-8211 or (800) 322-3616
FAX:   (256) 650-5472 or (256) 882-0859

On Tue, 24 Jul 2001, John D. Hardin wrote:

> On Tue, 24 Jul 2001, Brent Wallis wrote:
>
> > In most cases, a simple ACL on a Squid proxy server will do this
> > for you. Where my clients have allowed it and where we have the
> > sanitizer in place, we have blocked access to hotmail.com and
> > yahoo.com for all users via squid ACLs...works a treat.
>
> I've just done the same for hotmail, though I'm reluctant to blackhole
> all of yahoo or MSN. Can anybody who actually uses these services give
> us some idea of a less global ACL that would block just their webmail
> services?
>
> --
>  John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
>  jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
>   768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
>  1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   In 1998 more than three times as many people in the US were killed
>   by incompetent physicians than were killed by handguns, yet the
>   President of the A.M.A. is adopting "gun safety" as his platform.
> -----------------------------------------------------------------------
>    1197 days until the Presidential Election
> _______________________________________________
> E-mail Security Announce list mailing list
> E-mail Security Announce list at spconnect.com
> http://www.spconnect.com/mailman/listinfo/esa-l
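
Added example, not part of the original thread: a sketch of the two proxy policies discussed above, a deny-list of webmail domains versus an allow-list for https (CONNECT) tunnels, showing which requests each one stops. The allow-listed sites, the relay host and the sample requests are constructed placeholders, and the matching function is an illustration of the policy logic, not Squid's or FWTK's own code.

```python
# Added illustration; domain lists and request tuples are constructed samples.
WEBMAIL_DENY = {"hotmail.com", "yahoo.com"}          # domains named in the thread
HTTPS_ALLOW = {"partner.example", "bank.example"}    # hypothetical e-business sites


def in_domain_list(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    # Compare whole labels so "nothotmail.com" does not match "hotmail.com".
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def denylist_policy(method, host, port):
    """Block only the listed webmail domains; everything else passes."""
    return "deny" if in_domain_list(host, WEBMAIL_DENY) else "allow"


def allowlist_policy(method, host, port):
    """Block listed webmail everywhere, and permit https (CONNECT) tunnels
    only to port 443 on explicitly approved sites."""
    if in_domain_list(host, WEBMAIL_DENY):
        return "deny"
    if method == "CONNECT":
        ok = port == 443 and in_domain_list(host, HTTPS_ALLOW)
        return "allow" if ok else "deny"
    return "allow"


# Constructed proxy requests: (method, host, port)
SAMPLE_REQUESTS = [
    ("GET", "www.hotmail.com", 80),
    ("CONNECT", "www.yahoo.com", 443),
    ("CONNECT", "www.partner.example", 443),
    ("CONNECT", "webproxy.example", 443),   # stands in for an https relay site
    ("GET", "nothotmail.com", 80),
    ("CONNECT", "bank.example", 8443),
]


def compare(requests=SAMPLE_REQUESTS):
    """Return (request, denylist verdict, allowlist verdict) for each request."""
    return [(r, denylist_policy(*r), allowlist_policy(*r)) for r in requests]


if __name__ == "__main__":
    for (method, host, port), d, a in compare():
        print(f"{method:8}{host}:{port:<6} denylist={d:6} allowlist={a}")
```

The relay-site request is the case the two policies disagree on: the deny-list lets it through, while the allow-list refuses any https tunnel to a site that has not been approved.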


