Blocking google mail

jtfranksjtfranks Member Posts: 32 ■■□□□□□□□□
I am running squid on my linux firewall and we are having problems with people useing personnal email accounts. So we have blocked yahoo, hotmail etc. In order to block yahoo we had to block the whole site. We also need to block google, but we can not block every single search engine. I have blocked mail.google.com in the URL Filter but if you go to google.com you can still login.

Please help icon_exclaim.gif
Justin

Comments

  • TrailerisfTrailerisf Member Posts: 455
    Create a restricted internet zone in Group policy?
    On the road to Cisco. Will I hunt it, or will it hunt me?
  • kalebkspkalebksp Member Posts: 1,033 ■■■■■□□□□□
    They may be able to sign-in, but I doubt they can access gmail. In any case, if it's possible to block ssl connections to google.com that may help, google uses ssl for it's sign-in.
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Here is Google's mail servers:

    C:\WINDOWS\SYSTEM32>nslookup
    Default Server: xxxxxxx
    Address: xxxxxxxx

    > set type=mx
    > google.com
    Server: xxxxxx
    Address: xxxxxxx

    google.com MX preference = 10, mail exchanger = smtp2.google.com
    google.com MX preference = 10, mail exchanger = smtp3.google.com
    google.com MX preference = 10, mail exchanger = smtp4.google.com
    google.com MX preference = 10, mail exchanger = smtp1.google.com
    google.com nameserver = ns1.google.com
    google.com nameserver = ns2.google.com
    google.com nameserver = ns3.google.com
    google.com nameserver = ns4.google.com
    smtp2.google.com internet address = 64.233.167.25
    smtp3.google.com internet address = 64.233.183.25
    smtp4.google.com internet address = 66.102.9.25
    smtp1.google.com internet address = 216.239.57.25
    ns1.google.com internet address = 216.239.32.10
    ns2.google.com internet address = 216.239.34.10
    ns3.google.com internet address = 216.239.36.10
    ns4.google.com internet address = 216.239.38.10


    So it would appear to me that you might try blocking:

    smtp2.google.com internet address = 64.233.167.25
    smtp3.google.com internet address = 64.233.183.25
    smtp4.google.com internet address = 66.102.9.25
    smtp1.google.com internet address = 216.239.57.25


    and also:

    gsmtp163.google.com internet address = 64.233.163.27
    gsmtp183.google.com internet address = 64.233.183.27


    and see if that does the trick. They should still be able to access the search engine, but not the mail servers.
    All things are possible, only believe.
  • jtfranksjtfranks Member Posts: 32 ■■□□□□□□□□
    Thank you guys. We blocked mail.google.com and they still can sign in but can not send email. I work for a school system and we have had problems with personal email but now we have been told we can block everything that needs to be, which is good.
    Justin
  • rossonieri#1rossonieri#1 Member Posts: 800
    hello,

    you cant block mail.google.com because you simply blocked the full url regex of mail.google.com in your http_access, try to block google.com instead - but it will also block users from entering the search site.

    or you can put a urlpath regex like mail.google.com - so the search path also being watch by the proxy.

    cheers...
    the More I know, that is more and More I dont know.
Sign In or Register to comment.