General discussion


restricting internet e-mail access

By planit16 ·
I need to be able to restrict internet e-mail access on a lan segment while allowing intranet e-mail access to each user on the same lan segment. Each Pc is using the Windows XP pro platform. ip addresses are static non-routable (192.168.15.X).

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by sgt_shultz In reply to restricting internet e-ma ...

hmmm. you could restrict pop3 clients with port block but no way to block html except blacklist the sites...

Collapse -

by CG IT In reply to restricting internet e-ma ...

well about the only way to block outbound internet port 25 traffic while allowing outbound port 25 intranet traffic is a proxy server or a multihomed server acting as a router between the internet and intranet. with a mutihomed server acting as a router, you create a filter in advanced properties for the NIC which acts as a gateway. Filter properties would be block outbound port 25. The LAN segment would still be able to obtain intranet email via a mail server as traffic would go over the LAN NIC on the mutihomed server acting as a router.

Collapse -

by BudTheGrey In reply to restricting internet e-ma ...

You left out a key peice of information -- where is the mail server? Are you hosting yor own e-mail, or is your ISP providing mail services?

If you are handling your own mail services, many mail server packages can be configured to allow/deny outside sending based on account id (e-mail address).

If your ISP is providing e-mail, then e-mail for these users is probably an all-or-nothing proposition. Either they can send/receive mail to anyone, or they can't send/receive mail at all. The best solution is to use your firewall (you *do* have a firewall, right?) to block access to the common e-mail ports: 25,110,143.

Collapse -

by amanabala In reply to restricting internet e-ma ...

Assuming you dont want users to access yahoo mail and similar email products, you can block them at the firewall by configuring outbound filters (configuration varies by firewall but principle remains the same). Another, more manageable solution is to use a proxy server and configure it to block access to internet mail sites.
Hope this helps

Related Discussions

Related Forums