Hi, we are running Traveler 10.0.1.2 on Domino 9.0.1 FP10. Our mail server is Domino 9.0.1 FP10.
The general mails coming from Internet(outside our domain) to the mail server will first be scanned by an external SPAM engine and then routed to the mail server. And the mails coming from the mobile devices through Traveler are directly routed to the mail server for further routing.
Our security auditors recently raised a concern as there is a general chance of losing the mobile and someone tries to send in a malicious email through Traveler to some internal users and there can be chaos. They want us to explore the part where Traveler mails can also be scanned by the external SPAM server.
Is this practical/achievable? Any inputs will be appreciated. Thanks in advance.
Hello,
if mobile phone is lost, administrator can:
1. block server access by changing Internet password
2. block or/and wipe device via lotustraveler.nsf https://www.ibm.com/support/knowledgecenter/SSYRPW_10.0.0/Remote_Wipe_Lock.html
3. block access to Traveler server using server security records
To prevent unauthorized person from accessing mail application, administrator can set up Traveler policy to force use of strong password and/or biometrical authentication: https://www.ibm.com/support/knowledgecenter/SSYRPW_10.0.0/Pushing_configuration_to_a_device.html
Of course you can set up Data leak prevention or route Traveler emails to smart host where antivirus/antispam is located, but I don't think this is a good idea because of very complexity and efficiency...
Hi Aleksandr,
Thanks for the quick response, however the case I mentioned is for example only. The audit point tells to look at the possibility of getting all the mails sent through Traveler scanned before delivering to the mail server for routing. We want to look at accidental sending of viruses too. Probably the employee himself attaches a malicious attachment without knowing the implications. I was not clear in my earlier query.
The question is how can we re-route this traffic from Traveler. Currently because both the Traveler and the mail server are in same cluster, automatically the mail transfer is done to the mail server. I don't remember seeing any place in the server document where this mail transfer is done.
Thanks yet again.
Mails coming from the mobile clients through Traveler are placed in the mail.box for the router to handle. There is no option for scanning the mails at Traveler before giving it to the router.
Hello,
Do you have a separate Domino Traveler server and a Mail server? Or the Traveler is also running in your Mail server?
If you have a separate traveler Server, I think you need some medium or a server like a proxy between the Domino Traveler server and the Mail server
Traveler Server >>>> Proxy/Spam/3rd Party server >>> Mail server
Before the emails will route from Traveler going to Mail server, the 3rd party server will scan it first. But I think the routing must be SMTP because there is a 3rd party server involve that will scan the email before giving it to the Mail server.
Thank you.
Exactly this is what our requirement is. But the question is how to achieve this?
If you have a separate Traveler server then you need to set up your Traveler server to send SMTP email to your Spam filter that will scan all emails before delivering it to the Mail server via SMTP.
For you to send SMTP emails from Traveler you can create a Foreign SMTP Domain document or Relay host(Configuration Document) going to Spam filter.
In the Traveler server's Configuration Document, just change the values on the Router/SMTP > Basics tab to force mail to route out to the spam scanner. Set the relay host and the local internet domain smart host (along with enabling Smart host is used for all local internet domain recipients field) and this should cause all mail to route to the spam scanner first.
Thanks Chris. I'll look into that option
Hope your outbound emails from mail server also goes thru the SPAMFILTER if not enable the same this will ensure any emails from any device to internet is addressed.
On internal emails the threat will be there not only for Traveler device but also for any user credentials from the mail server also and the extent depends on how your Domino email network is configured.
Hi Balmohan, outbound mails are fine. Internal mails is our concern.