On Tuesday 14 May 2002 22:23 pm, Sudhakar Chandra wrote: > It is stupid to try and stop these emails because: > > 1. People can easily circumvent it by using a Hotmail or Yahoo mail.
Block forwarding of port 80 on the gateway except from the internal proxy server, and block the offending webmail sites from the proxy (squid ACLs, for example). (Though there are way too many free email services, a vast majority can be blocked by looking for keywords). > 2. A user can easily read the SMTP RFC and telnet into port 25 of the MX > server for the domain he is supposedly prevented from sending a mail to > and talk the protocol. Stop masqueraded forwarding of port 25 connections. Also for ports 110 and 143. > 3. A user can easily install a Real Operating system on their box and > configure their local MTA to not even talk to your network-wide MTA. > Their MTA will simply send the email directly to the destination > bypassing the stupid controls in place. Not even the ROS can help if outgoing SMTP connections were blocked at the gateway level, except from the intranet mail server. These are not general nitpicks, but these measures were actually implemented at my previous employers'. The workaround? I was a laptop user (with an in-built modem), so I used to use my telephone extension to dial-up to VSNL :-) Binand _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
