https://live.paloaltonetworks.com/t5/general-topics/monitoring-and-blocking-email/m-p/22203#M16177 <HTML><HEAD></HEAD><BODY><P><SPAN>When (currently) logging in to Gmail a POST is made towards </SPAN><A class="jive-link-external-small" href="https://accounts.google.com/ServiceLoginAuth">https://accounts.google.com/ServiceLoginAuth</A><SPAN> :</SPAN></P><P></P><P>POST /ServiceLoginAuth HTTP/1.1</P><P>Host: accounts.google.com</P><P></P><P>which in the payload contains (among other things):</P><P></P><P>&amp;Email=username%40gmail.com&amp;</P><P></P><P>So I guess that part should be doable.</P><P></P><P>That is create a custom app that depends on the gmail-base (or whatever) but triggers on http-method=POST and payload contains &amp;Email=(.*)%40domain.ec&amp;</P><P></P><P><SPAN>Put this custom appid as action=allow (along with url=accounts.google.com). While another security rule acting on url=accounts.google.com (and appid=any) is put directly after the previous allowing security rule as action=deny. This way you should be able to login with </SPAN><A class="jive-link-email-small" href="mailto:xxx@domain.ec">xxx@domain.ec</A><SPAN> but not with any other domain (or username without domain).</SPAN></P><P></P><P>In order for the above to work you need to have ssl-termination (ssl-decrypt) active.</P><P></P><P>The risks is that the user might have already been authenticated elsewhere in the google stratosphere and by that perhaps doesnt need to go the route through accounts.google.com. But also if the authentication can be done through GET instead of POST (because then you need expand your custom appid to cover that aswell). I have also no idea how IMAP (that is gmail app in android and such) can be blocked if you wish to block that aswell (the above was verified with firefox running live http header to look into the ssl session).</P><P></P><P>And as for your second question Im sorry but dont fully understand what you are asking for?</P></BODY></HTML> Thu, 04 Apr 2013 00:02:02 GMT mikand 2013-04-04T00:02:02Z https://live.paloaltonetworks.com/t5/general-topics/monitoring-and-blocking-email/m-p/22202#M16176 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I want to know how I can do the following questions:</P><P></P><P><SPAN>1.- How can I block in gmail application the access to all the mails like this </SPAN><A class="jive-link-email-small" href="mailto:xxxx@gmail.com">xxxx@gmail.com</A><SPAN>, but allow the access to emalis like this </SPAN><A class="jive-link-email-small" href="mailto:xxxx@domain.ec">xxxx@domain.ec</A><SPAN> that also are associated with Gmail.</SPAN></P><P></P><P>2.- How to monitor the users who access to public mails and know what are the access account and the destination account of a specific email.</P><P></P><P>Thanks.</P><P></P><P>Regards.</P></BODY></HTML> Wed, 03 Apr 2013 16:22:50 GMT https://live.paloaltonetworks.com/t5/general-topics/monitoring-and-blocking-email/m-p/22202#M16176 Angel 2013-04-03T16:22:50Z https://live.paloaltonetworks.com/t5/general-topics/monitoring-and-blocking-email/m-p/22203#M16177 <HTML><HEAD></HEAD><BODY><P><SPAN>When (currently) logging in to Gmail a POST is made towards </SPAN><A class="jive-link-external-small" href="https://accounts.google.com/ServiceLoginAuth">https://accounts.google.com/ServiceLoginAuth</A><SPAN> :</SPAN></P><P></P><P>POST /ServiceLoginAuth HTTP/1.1</P><P>Host: accounts.google.com</P><P></P><P>which in the payload contains (among other things):</P><P></P><P>&amp;Email=username%40gmail.com&amp;</P><P></P><P>So I guess that part should be doable.</P><P></P><P>That is create a custom app that depends on the gmail-base (or whatever) but triggers on http-method=POST and payload contains &amp;Email=(.*)%40domain.ec&amp;</P><P></P><P><SPAN>Put this custom appid as action=allow (along with url=accounts.google.com). While another security rule acting on url=accounts.google.com (and appid=any) is put directly after the previous allowing security rule as action=deny. This way you should be able to login with </SPAN><A class="jive-link-email-small" href="mailto:xxx@domain.ec">xxx@domain.ec</A><SPAN> but not with any other domain (or username without domain).</SPAN></P><P></P><P>In order for the above to work you need to have ssl-termination (ssl-decrypt) active.</P><P></P><P>The risks is that the user might have already been authenticated elsewhere in the google stratosphere and by that perhaps doesnt need to go the route through accounts.google.com. But also if the authentication can be done through GET instead of POST (because then you need expand your custom appid to cover that aswell). I have also no idea how IMAP (that is gmail app in android and such) can be blocked if you wish to block that aswell (the above was verified with firefox running live http header to look into the ssl session).</P><P></P><P>And as for your second question Im sorry but dont fully understand what you are asking for?</P></BODY></HTML> Thu, 04 Apr 2013 00:02:02 GMT https://live.paloaltonetworks.com/t5/general-topics/monitoring-and-blocking-email/m-p/22203#M16177 mikand 2013-04-04T00:02:02Z