+ Post New Thread
Results 1 to 11 of 11
Wireless Networks Thread, External IMAP or POP3 access through AD and LEA ISP in Technical; Not sure how to solve this one but in a nutshell as a contractor I have all my email accounts ...
  1. #1
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118

    External IMAP or POP3 access through AD and LEA ISP

    Not sure how to solve this one but in a nutshell as a contractor I have all my email accounts external to the LEA's email system and need access.

    Webmail is all well and good but I'm on site so often now that IMAP access would help reduce a lot waiting around.

    My problem is that I can't seem to access my mail at all using Outlook, Opera, etc... it just fails to connect...

    A quick call to SchoolsICT got me someone who sounded about 12 and who denied any blocking or a clue as to what might be causing the problem but I suspect it's the proxy and a need to tunnel (of which I have nada/zip/zero experience) so can anyone thwap me with the appropriate clue stick and offer some possible solutions.

    Cheers...


    FYI: the mail servers are *nix based

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,808
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: External IMAP or POP3 access through AD and LEA ISP

    Tunnel over https? That'd give you a clean connection with no filtering (thus fixing your imap problem)?

    You need a machine out on the internet someplace running SSH on port 443.
    Then follow the instructions here:

    http://www.uq.edu.au/~suter/software/ssh-https-tunnel/

    Then setup a ssh port forward to whatever service (IMAP) and IP (the mail server) you want access to.

    http://www.ssh.com/support/documenta...orwarding.html

  3. #3
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118

    Re: External IMAP or POP3 access through AD and LEA ISP

    Thanks for that Geoff,

    Unfortunately there's no ability to use HTTPS over this network because of the $%&*£%ing restrictive firewall they have in place with Vital (counting down the days).

    Course the 12 year old denied it existed whilst a second call out of desperation clarified that 12 year old was indeed clueless... everything except port 80 is completely blocked... wonderbubble.

    Anyway, still useful information nonetheless and much appreciated.

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,808
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: External IMAP or POP3 access through AD and LEA ISP

    I'm impressed. Most people don't bother plugging the hillarious security hole that is HTTPS.

  5. #5

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,568
    Thank Post
    721
    Thanked 1,682 Times in 1,497 Posts
    Rep Power
    432

    Re: External IMAP or POP3 access through AD and LEA ISP

    It might be a hilarious securty hole but how do people access https sites if the port is blocked?

    Ben

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,808
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: External IMAP or POP3 access through AD and LEA ISP

    They don't and hopefully they shouldn't have any reason to.

  7. #7

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,568
    Thank Post
    721
    Thanked 1,682 Times in 1,497 Posts
    Rep Power
    432

    Re: External IMAP or POP3 access through AD and LEA ISP

    I use several https sites and would be gutted if I couldn't access them.

    Ben

  8. #8


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: External IMAP or POP3 access through AD and LEA ISP

    sorry, I'm confused - Isn't it a security hole *not* to open https. forcing people to use http just makes it easy for sniffers -given most users use the same passwords for all accounts...

  9. #9

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,808
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: External IMAP or POP3 access through AD and LEA ISP

    If you allow HTTPS, you've given enterprising folk a way to bypass all your firewall rules and filtering systems. They can run nearly any application over a SSH tunnel.

    For trouble free WoW at work (all though a touch laggier than usual), my favorite would be VPN software.

    If you desperatly need HTTPS for <insert site> You could open it up on an ip block by ip block basis. You can either do this on your firewall, or on your proxy (at least Squid can, not sure about ISA).

  10. #10
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118

    Re: External IMAP or POP3 access through AD and LEA ISP

    Fair point the HTTPS block makes sense but what I find a bit interesting is that they can't open up IPs in general... only specific FULL domain names...

    I was asked for the full domain for a mail server (eg: mail.foo.com) so access to anything else is impossible... Granted this could abused but FFS I'm the tech on site so a little professional courtesy would certainly be applicable.


    As to VPN... one of the reasons Vital online are being given the boot is that they refused point blank to even return ANY communication on opening VPN ports from any validated static IP address... by which I mean they didn't return 20+ calls, emails, etc from me, the head or anyone else in the school...

    No reason given, no resonse, nothing... but heck this is turning into a rant so I need to chill :P...

    Bottom line though... the current system is prohibitive beyond paranoia and just detrimental to getting anything done... Looking forward to being able to setup our own Smoothwall Guardian style system instead!

  11. #11

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,808
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: External IMAP or POP3 access through AD and LEA ISP

    but what I find a bit interesting is that they can't open up IPs in general... only specific FULL domain names
    I guess they are running it through their proxy then. To be fair, you can do this with squid using a 'dstdomain' ACL match. eg.

    Code:
    acl https method CONNECT
    acl googlemail_https dstdomain mail.google.com
    
    (rest of acls go here)
    
    http_access allow https googlemail_https
    http_access deny https
    
    (normal http access rules go here)
    Which is perhaps a little neater than IPs or netblocks. However I suggested that originally because there is zero point in running HTTPS through your web proxy. It can't cache it. It can't filter it. It just blindly passes it on. You might as well just send it straight out on port 443 over the firewall and use your firewall rules to keep control of it. naturally, this means you can't do DNS lookups and have to rely on IPs. Which really isn't a big deal. Most web server farms are on the same subnet.

SHARE:
+ Post New Thread

Similar Threads

  1. Sharepoint Learning Kit External Access
    By adamt82 in forum Virtual Learning Platforms
    Replies: 4
    Last Post: 7th November 2008, 11:34 AM
  2. Replies: 3
    Last Post: 30th April 2007, 10:32 PM
  3. Sharepoint Services 3.0 External Access
    By adamt82 in forum Virtual Learning Platforms
    Replies: 2
    Last Post: 21st April 2007, 12:09 PM
  4. PHP based Helpdesk with IMAP or POP3 authentication?
    By wesleyw in forum How do you do....it?
    Replies: 5
    Last Post: 18th October 2006, 01:08 PM
  5. External Web Access to IIS 6.0 Server
    By ryan_powell in forum Web Development
    Replies: 24
    Last Post: 9th September 2006, 08:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •