Firewall Settings for Phishing Updates?

Jethro R Binks jethro.binks at strath.ac.uk
Wed Jun 17 20:39:00 IST 2009


On Wed, 17 Jun 2009, Glenn wrote:

> We have a strict firewall, and our mail servers are in a DMZ.  They 
> cannot download updates using either the update_bad_phishing_sites 
> script or the Spear.Phishing.Rules.v2.01 script.  I am not a firewall 
> expert, but I need to tell our firewall expert how to allow this 
> traffic.  Something like the following, I expect.  Are the port and 
> destinations correct?  How do other sites handle this?  Thanks.  
> -Glenn.

The IP addresses are subject to change at any time, so having to have 
firewall rules dependent on them is a pain at best.

If you have a less-sensitive host available outside the strict firewall 
DMZ, use that to obtain the updates, and then have it re-publish them.  
Then the hosts in your DMZ can pull the content from them, which makes for 
a more stable firewall configuration.

Or, run an HTTP proxy for these sorts of purposes which is permitted to 
connect offsite, and have your mail servers direct their requests through 
that (use proxy settings in curl, wget, etc).

Jethro.

> 
> Proposed firewall rules:
> 
> name = update_bad_phishing_sites
> source = our server IP
> port = 80 (http)
> destination = 205.234.175.175 (found by pinging mailscanner.tv)
> 
> name = Spear.Phishing.Rules.v2.01
> source = our server IP
> port = 80 (http)
> destination = 74.125.47.82 (found by pinging 
> anti-phishing-email-reply.googlecode.com)

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK
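
The relay-and-republish approach suggested in the reply above, as an added example that is not part of the original message: a script for the host outside the strict DMZ that fetches an update file (optionally through an HTTP proxy) and republishes it only when the download looks valid. The upstream URL, proxy address, publish directory and function names are placeholder assumptions.

```shell
#!/bin/sh
# Added example for the relay host outside the strict DMZ.
# UPSTREAM_URL, PROXY and PUBLISH_DIR are placeholders (assumptions).
UPSTREAM_URL="${UPSTREAM_URL:-http://updates.example.org/phishing.bad.sites.conf}"
PROXY="${PROXY:-}"                      # e.g. http://proxy.example.org:3128; empty = direct
PUBLISH_DIR="${PUBLISH_DIR:-/var/www/mirror}"

# fetch URL FILE: download URL into FILE, via $PROXY when it is set.
# --fail turns HTTP 4xx/5xx responses into a non-zero exit status.
fetch() {
    if [ -n "$PROXY" ]; then
        curl --fail --silent --show-error --max-time 60 --proxy "$PROXY" -o "$2" "$1"
    else
        curl --fail --silent --show-error --max-time 60 -o "$2" "$1"
    fi
}

# looks_sane FILE: reject empty downloads and HTML error or login pages
# that a proxy or upstream may return with a 200 status.
looks_sane() {
    [ -s "$1" ] || return 1
    if head -n 5 "$1" | grep -Eqi '<html|<!doctype'; then
        return 1
    fi
    return 0
}

# publish NEW DEST: replace DEST with NEW only if NEW passes the checks.
# The copy lands beside DEST first, so the final mv is an atomic rename and
# DMZ hosts never read a half-written file; a rejected download leaves the
# last good copy in place.
publish() {
    looks_sane "$1" || { echo "rejecting download: $1" >&2; return 1; }
    cp "$1" "$2.tmp.$$" && mv "$2.tmp.$$" "$2"
}

# mirror_once: one fetch-and-republish cycle, suitable for cron.
mirror_once() {
    tmp=$(mktemp) || return 1
    name=$(basename "$UPSTREAM_URL")
    if fetch "$UPSTREAM_URL" "$tmp" && publish "$tmp" "$PUBLISH_DIR/$name"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Run a cycle only when invoked as: script.sh run
if [ "${1:-}" = "run" ]; then mirror_once; fi
```

The mail servers in the DMZ then pull the file from the relay host, so the firewall rule names an address you control rather than upstream IPs that may change.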