Re: [NTSysADM] Blocking iCloud email

[J- P]

thx


Amazing the hoops we're made to jump through for 2 users out of a whole 
organization (oh well) at least I can justify my fee 😊


thanks again



Jean-Paul Natola



________________________________
From: listsad...@lists.myitforum.com <listsad...@lists.myitforum.com> on behalf 
of Kurt Buff <kurt.b...@gmail.com>
Sent: Saturday, May 20, 2017 9:55 PM
To: ntsysadm
Subject: Re: [NTSysADM] Blocking iCloud email

I don't use iCloud,email, and I don't know anyone at my org who does, so no, I 
haven't tried it.

FWIW, that action doesn't fit (yet) into our security policy, so it won't 
happen for a while anyway.

Kurt

On Sat, May 20, 2017 at 3:41 PM, J- P 
<jnat...@hotmail.com<mailto:jnat...@hotmail.com>> wrote:

Have you actually tested this policy, by going logging into an iCloud account 
and clicking the mail tab.?  The rule you have (same one I have)  will block a 
mail client (outlook/thunderbird etc) from communicating through the standard 
ports,(25/110/143/587/993) but will it a block a web browser tab opening email?




Jean-Paul Natola



________________________________
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
<listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> on 
behalf of Kurt Buff <kurt.b...@gmail.com<mailto:kurt.b...@gmail.com>>
Sent: Thursday, May 18, 2017 7:18 PM
To: ntsysadm
Subject: Re: [NTSysADM] Blocking iCloud email

On Palo Alto firewalls, there's an application definition that you can use to 
block it - but it would probably also require MITM (aka web inspection) with 
your own certs to configure.

[Inline image 1]

Perhaps other brands of firewall can do that too.

Kurt

On Wed, May 17, 2017 at 5:35 PM, J- P 
<jnat...@hotmail.com<mailto:jnat...@hotmail.com>> wrote:

Hi all,


I already have ticket with the vendor , but thought maybe someone here may have 
already encountered this;


Objective,  block access to ALL non corporate email (we use exchange )


the filtering has blocked access to all WEB email (Hotmail, msn, aol, yahoo, 
gmail,  etc)


however, if a user logs into their iCloud account they can still access their 
apple/imail account , and they want to retain the ability to use all other 
i-crap services, iCalendar, etc..


So blocking the  www.icloud.com<http://www.icloud.com> url is not an option, 
anyone have any pointers?


TIA