I've just started work at a new magazine here in London (it's my first day) and have arrived to discover the company has set up a firewall to stop its staff accessing public email accounts such as Yahoo and Hotmail (and even my Zgeek mail account).

Does anyone know a way to get through the firewall to access these accounts WITHOUT the IT department finding out? Solutions in here please (ie, don't email them to me cos I can't get to them).

A couple of things.

1. Depending on how vigilant your IT department is, they can know everything you do on your computer. Monitoring who accesses what across the network is far easier to monitor than that, and pretty difficult to obfuscate.

2. Getting around firewall rules is technically a circumvention of a computer security device. I'm not sure what the laws in the UK are in regards to this, but even if its not illegal it speaks volumes about your professionalism.


Maybe you should consider if you should, rather than if you can. Especially when starting a new job, of all things. :rolleyes:

Good point. But it's not just me who's annoyed about it, EVERYONE here is. From what I've been told, it's a company-wide thing, but it's the only company I've come across here that does it. Maybe the solution is for everyone to complain about it and get the rule changed.

You can try using a public proxy. I do not know any off the top of my head, so you'll have to do a search. Another common way if you have broadband, know someone who does, or know someone with access to a server is to get proxy software installed on it. All messages to that box will go out on one port, and from the proxy onwards will go to which ever port you require.

I can only give ideas as I haven't tried these myself (despite being annoyed occasionally by the resistance put up at my work, and also despite me being in the local IT department). Just be quiet about who you tell and who you let find out. If it's local IT policy, they'll give you hell. If it's global, they probably monitor it all quite well and you'll be in more/faster shit if found out (but the local IT support won't care as much).

there is a very good reason for blocking of these sites. it's a good place for distributing virii, which are a mega-bastard to get rid of.

Definitely.

If you can negotiate with whoever set this rule (and since its blocking webmail like Hotmail and Yahoo!, I'd guess that its a web site filter as well as blocking certain network ports if you can't configure a mail client) to reconsider, it'd be a much better course of action. Most companies have "acceptable Internet use" guidelines, and by circumventing measure put in place to enforce them, you're giving a company grounds for termination, as well as possible avenues for legal action if they're feeling malicious.

While its totally within their rights to determine what sites are business-acceptable and thus what you should be allowed to access on company time, there are plenty of studies that show that if you allow employees some "free Internet" time they're more productive.

I didn't think virii would be that much of a problem in web-based email sites, it would be more anything outlook/outlook express related? But anyway.

Blocking hotmail is a right royal pain in the arse. We tried to block MSN Messenger at our work at one stage, lost access to hotmail, MSN, and the windows update/support sites too. They all run off similar IP's. Blocking the ports for MSNM, the MSNM program then tries heaps of other ports, including the general http port so that failed. I do not know about hotmail. Our network guys (overseas) gave up on the whole idea.

If it's blocked through a program like websense, then just ping it to find the IP and then go to its IP address. Websense is a piece of piss to get around. Very few sites blocked by IP, most just through the name (this is one area I can circumvent myself at my work ... I just need to walk into the server room & jump on the server running the config software - 1 minute and I can access it again).

I doubt he'll be able to negotiate it. As he said, it's a global company and this appears to be a global policy. If it was a small company, he'd have a chance (depending on who set the policy).

Originally posted by sagit
there is a very good reason for blocking of these sites. it's a good place for distributing virii, which are a mega-bastard to get rid of.

They're running Macs here, so I don't think viruses are an issue. I think it's just a case of management being bastids. Still, i'm only freelancing, so best to obey their rules.

As a Network Manager I really shouldn't help bypass these F/W rules. (Particulary as I enforce those exact rules.)

However that said...
the first thing you want to find out is what firewall and version they are running.
Also at this stage it is good idea to check company policy and whether they enforce it. (Last thing you want is to be dismissed)

If they are just blocking IP ranges or protocols you could ask someone nicley in .au to set you up a Port relay that listens on 80 and forwards on POP3 or imap port to your desired location.

However if they are using something like Checkpoint NG or PIX and utilising protocol resource groups (or fixup under PIX) you may well be screwed.
NG can allow you to enforce only http gets to be allowed (it checks data stream) and I have not found a way around this.

Good luck

I think the easiest solution is to talk to IT and ask why this has been done and see if we can get mail access ... we actually do need it for work.

If you do end up in a situation where you are considering trying to circumvent the security without permission, my suggestion would be to find a work colleague who is more pissed off about it than you are and subtly tell them how it could be done then wait to see if they get away with it.

Also, don't hotmail/yahoo offer a feature where you can have your mail forwarded from your hotmail to a POP account automatically?

I've already started talking to the IT/helpdesk people about the situation, and they are going to try to find someone senior for me to talk to about it. I explained that I need email access to actually do my job properly, so we'll see what happens. As I said earlier, it's the only work environment I've come across so far that doesn't allow even a minimum of reasonable personal use of the Net during work hours, including access to personal web-basd mail accounts.

As far as a POP account goes, I'm not entitled to one because I'm here only as a freelancer/casual (even though I already have a guaranteed minimum of 3 months' work from them) ...

msn is blocked for me at work, you can try mail2web.com to access a pop account, thats what i do.

Originally posted by dozer
msn is blocked for me at work, you can try mail2web.com to access a pop account, thats what i do.

mail2web.com is blocked here.

try

http://webcab.de/wwmm.htm

http://www.homeemail.com/

http://www.sjfn.nb.ca/AnyWhere/

http://www.marzie.com/webtools/webmail/index.asp

http://www.xs2mail.com/

http://toad-mail.net/

cheers, nice list - have passed it on to someone else here to test (only started today so i'm not game!)

you should be fine if you plead ignorance, tell them its the one you normally use. there are plenty more but these were the ones not on out blocklist.