| T.R | Title | User | Personal Name
 | Date | Lines | 
|---|
| 1725.1 | adding Mimesweeper | GALVIA::KEATING |  | Tue Jan 21 1997 12:28 | 49 | 
| 1725.2 |  | QUICHE::PITT | Alph a ha is better than no VAX! | Wed Jan 22 1997 05:57 | 67 | 
| 1725.3 | web scan | EEMELI::EINAMO |  | Wed Jan 22 1997 06:56 | 5 | 
| 1725.4 | restrict mail through gate/screend ? | TLAV02::RUDI |  | Mon Jan 27 1997 22:52 | 11 | 
|  |     RE: .2 the part of "mimesweep as internal mailhub as far as FW
    concerned" and "FW accepting outbound mail from only mimesweep"
    
    I assume that with a gatekeeper -- gate -- mimesweeper setup, you can
    configure screend on gate to allow SMTP traffic only between
    mimesweeper and gatekeeper. No idea though how to restrict traffic from
    any mail client/server to mimesweeper or any mailserver behind it.
    Please correct me whem I'm wrong.
    
    rudi
    
 | 
| 1725.5 |  | QUICHE::PITT | Alph a ha is better than no VAX! | Tue Jan 28 1997 04:32 | 6 | 
|  | Re .4: You're right.  If you have a gate machine, then you can use that to
restrict access to the smtp port on the firewall to be only from the mimesweeper
box.  I don't think you have to do anything else - inbound all mail will be
given by the firewall to the designated mailhub anyway.
T
 | 
| 1725.6 | mimesweeper implementation plan based on NT ? | IJSAPL::VANHULST |  | Tue Jan 28 1997 08:20 | 35 | 
|  |     
    proposal of mimesweeper structure:
    
    Internet
    	!
    router		NTsystem + Mimesweep
    	!		   !
    --------red net -----------
        !
    NT firewall
    	!
    router
    	!
    --------- blue net --------
    	
    All incoming smtp (mail) messages will be forwarded to the NT-server
    running Mimesweeper either by the firewall or the external router? .
    After screening all smtp messages by mimesweeper, the smtp message
    without any suspicious contents will be forwarded to the firewall .... 
    the firewall will accept only those smtp messages send by the NT-sweep
    system (IP adres check and spoofing protected by the router)
    AV firewall will forwarded those controlled messages to the blue net 
    
    Ingredients:
    NT-system
    Mimesweeper
    Implementation effort (couple of days)
    
    So the question will this work with our and AV NT-firewall has the flexibility to 
    do this kind of smtp routing ?
    
    regards, 
    
    Henk
     
 | 
| 1725.7 |  | QUICHE::PITT | Alph a ha is better than no VAX! | Tue Jan 28 1997 09:59 | 7 | 
|  | The only installation I've done that had mimesweeper ran it on the internal
network.  That way it was protected by the firewall.  I feel this is a better
configuration that the one you've drawn up.  After all, you can't actually stop
anyone sending their mail direct to your firewall, even if the MX records only
point to the Mimesweeper box.
T
 | 
| 1725.8 | put Mimesweeper behind AT LEAST a packet filter | ANNECY::CHATEL_M |  | Thu Jan 30 1997 05:49 | 6 | 
|  |     Besides, the NT mimesweeper is probably a "standard" NT machine with
    the "standard" security holes...
    
       You don't want that facing the Net directly, I'd say...
    
    Marc Chatel @ AEO
 | 
| 1725.9 |  | NCMAIL::SMITHB |  | Thu Jan 30 1997 12:12 | 4 | 
|  | Would using the "% hack" be a way of making the mimesweeper box forward 
mail to gatekeeper without scanning it?
Brad.
 | 
| 1725.10 | Router ACL's ? | UTRUST::HEEMSKERK |  | Fri Jan 31 1997 09:36 | 17 | 
|  |     Can't we do anything with ACL's on the routers? (permit only traffic
    with dest port 25 to the NT/MIMESweeper machine?
    Deny all the other destinations with port 25. Just a thought...
    
    Tony:
    An advantage of placing MIMESweeper outside of your LAN on the rednet,
    is of course that only *trusted* mail enters your LAN. Local mail
    wouldn't have to be tempered with. (i.e. scanned for certain words
    (go wash your mouth!) Also mail sent to the internet is being scanned
    for virusses/bad language etc. etc)
    
    MarcoMarco
    
    
    Just a thought...
    
    Marco
 | 
| 1725.11 | internal mail ?? | SNOFS1::NANCARROW |  | Wed Feb 05 1997 01:54 | 14 | 
|  |     I do not understand why mimesweeper would scan internal mail if it
    is not the mail hub itself you would have to re-configure mail to go
    through it rather than it scanning all internal mail.
    advantages of it being on the internal network should include
    management supevision without openning a hole in the firewall and
    ease of use.
    My one concern would be the fact that the box would be receiving
    the mail alarms from the firewall and would have to forward them on to
    the mail hub and it would be a long path to it's destination. Would
    that cause a problem, the firewall tends to crash if the alarm queue
    length gets to long in mail or conversely can the firewall be told to
    send it's alarm mail to a node direct instead of the mail hub ?
    
    					Mike N.
 |