Re: Blocking email through the web services

[Mikael Olsson <mikael.olsson () clavister com>]

Martin Peikert wrote:
> seadog () jb ro wrote:
> > Is there a common port I can block that will prevent users from
> > downloading email from webmail services such as aol, hotmail or msn, used
> > by all - without blocking www service in general?
>
> Try port 110 (pop3), 995 (pop3-ssl) and maybe 220 (imap3) and 993
> (imap3-ssl), too.

*ahem*
No one uses imap3. Really. It hardly left the test bed.
Everyone uses imap4, which uses the same ports as imap2 did.

imap2/4 lives on port 143.
The SSL version lives on 993.


In either case, this is useless for the big webmail services.
They only provide access via their web interfaces; why would they
provide service over pop3/imap where they can't serve up ads?

I have however seen some smaller webmail services that let you
use POP3 if you pay for it.


So: best bet is to block by DNS/IP, just as Paul said.
Unfortunately, you won't catch them all that way. Just the common 
ones. Establish an acceptable use policy, get management backing, 
and educate your users with a clue-by-four.


-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

"Senex semper diu dormit"
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards