[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Am I really under attack?
I thought the SMTP security server on the firewall could strip the headers? Just forward all mail from exchange to the security server and let it do it's thing? See Page 123 to 128 of Managing FW1 with the windows GUI User Guide -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Tuesday, 9 January 2001 11:21 AM To: Tika Mahata; [email protected] Subject: Re: [FW1] Am I really under attack? Yeah, SMTP headers are great aren't they!!! I have not seen too many ways to clean up the headers that exchange generates. I don't know if there is a 3rd party product or what, but I am considering setting up a sendmail box and doing some custom PERL-MX scripting to replace all the info I don't like with XXX's.... Anybody else have a solution to prevent exchange from producing these insightful headers? Our exchange guru says there aren't any nerd knobs to do it. ----- Original Message ----- From: "Tika Mahata" <[email protected]> To: <[email protected]> Sent: Monday, January 08, 2001 10:14 AM Subject: [FW1] Am I really under attack? > > Hi All, > > I think I'm under attack. > > Someone used my Exchange Server 5.5 as relay agent for > huge amount of mails produced from > hotmail.com,yahoo.com,exite.com etc. > After I came to know that someone used this I got one > mail from my ISP which was sent by someone who > received it from my mailserver.I surprised when I saw > there is my FW NETBIOS name as well as its internal > interface's invalid IP address. > > > > In FW only there are following rules: > > 1. ANY MAILSRV SMTP ACCEPT > 2. MAILSRV ANY SMTP ACCEPT > 3. InternetGr@ANY ANY HTTP USER-AUTH > 4. LocalNet ANY HTTPS ACCEPT > 5. SecureUsr@NAY LocalNet ANY Client-Encrypt > 6. ANY External-wks ANY ACCEPT > 7. ANY ANY ANY REJECT > > And, > > Today I can't browse any internet sites.But after long > diagnosis, it is found that I can ping any sites with > its domain name (I refer DNS query from ISP's DNS > Server).And it is important to say that I can browse > only the unknown sites (i.e not used frequently) only > once.Then after I can't even browse this site also > even from Gateway.I've no proxy server.I'm using FW's > proxy with dynamic NAT. > > FW-1 4.0 sp6 > NT 4.0 sp6a > > Now I'm able to stop SMTP relay but internet access > can't be succeeded.There is no problem in my VPN. > connection. > > Pls suggest me what to do next. > > Tika Mahata > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Photos - Share your holiday photos online! > http://photos.yahoo.com/ > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== *************************************************** This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated. Visit our website http://www.ew.govt.nz *************************************************** ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|