| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Smtp Resource FW-1 NG
First you have to block SMTP relaying on the Notes Box and
if you use a SMTP Security server (Like for CVP) you need
to block those on the FW-1 in a SMTP Security ressource too
because by default the FW-1 SMTP Security server is wide
open to SMTP relaying. I have a SMTP/POP3 post.office server
running on a box, before i install a FW-1 in front of it it
was fully closed to unwanted SMTP relaying by ising rules
in the post.office SMTP relay. When we put the FW-1 in front
of it, it was fine too, but as soon as i added a SMTP Security
server in a ressource to use CVP (for virus checking) it
became wide open to SMTP relaying until i change my SMTP
Security ressources to:
First: Name: SMTP-Reject_dest
Comment: Reject common redirection characters
Exception Track: Log
Notify Sender On Error
Match Recipient: *{*%*,*!*}*
Strip MIME of type:
Don't Accept Mail Larger Than 999999 KB
CVP Server Anti_Virus
CVP Read/Write
Allowed Chars: 8-bit
Second: Name: SMTP-RCV
Comment: Receive email for our domains
Exception Track: Log
Notify Sender On Error
Match Recipient: {*@ourdomain_1.com,...,*@ourdomain_N.com}
Strip MIME of type:
Don't Accept Mail Larger Than 999999 KB
CVP Server Anti_Virus
CVP Read/Write
Allowed Chars: 8-bit
With the two following roules:
Source Destination Service Action Track Comment
any our_SMTP_Server smtp -> SMTP-Reject_dest Reject Long EMAIL with redirect characters
any our_SMTP_Server smtp -> SMTP-RCV Accept Long EMAIL for our domains
All other incoming traffic is dropped by the catch all rule.
If we put only the second rule with nothing in the Match Recepient,
anyone can do SMTP relay thru our FW-1 Security server !
At 14:13 2001-11-29 +0700, Suriyanto Limah wrote:
>So far we have setup the Notes Box so any relay will be rejected
>automatically.
>But this attack still make the server very busy...
>
>Do you have any another idea to solve this.
>
>Thanks
>Suriyanto
>
>
>Rocky Stefano <[email protected]> on 11/29/2001 11:03:15 AM
>
>Please respond to Mailing list for discussion of Firewall-1
> <[email protected]>
>
>
> To: [email protected]
>
> cc: (bcc: Suriyanto Limah/AIN/ACI)
>
> Subject: Re: [FW-1] Smtp Resource FW-1 NG
>
>Don't use Checkpoint to fix the crap your notes server won't do. Fix the
>relay on your notes box
>
>----- Original Message -----
>From: "Suriyanto Limah" <[email protected]>
>To: <[email protected]>
>Sent: Wednesday, November 28, 2001 8:51 PM
>Subject: Re: [FW-1] Smtp Resource FW-1 NG
>
>
>> Hi Matt,
>>
>> We have the same problem with you. Now our Notes SMTP used by outsider as
>> relay.
>> Could you please tell me how to configure a rule to stop this action?
>>
>> I use Check Point FW-1 version 4.0.
>>
>> Thanks
>> Suriyanto
>>
>>
>> Matthew Hale <[email protected]> on 11/29/2001 06:33:28 AM
>>
>> Please respond to Mailing list for discussion of Firewall-1
>> <[email protected]>
>>
>>
>> To: [email protected]
>>
>> cc: (bcc: Suriyanto Limah/AIN/ACI)
>>
>>
>> Subject: [FW-1] Smtp Resource FW-1 NG
>>
>>
>> Hi,
>>
>> I have a Checkpoint FW-1 NG firewall configured with a rule which uses
>> an smtp resource to stop people using my machines as a relay, i have
>> configured the resource to allow mails up to 100000kb. Heres the
>>
>> problem:- when i send a samll mail say less than 1mb the mail is
>> transfered to the mail server ok, When i send a mail (from an external
>> mail account) with an attachment say 2mb it bounces back to me saying
>> 'to much data'. I used Checkpoint FW-1 4.1 for 2 years with this very
>> same rule and had no problems. Has anyone seen this problem with NG? i
>> did a fresh install of NG on a compaq server running Redhat 7.
>>
>> Thanks
>>
>> Matt
>>
------------------------------------------------------------
Yves Belle-Isle V.P. VE2YBI YB17 Email: [email protected]
Responsable des Systemes Tel:Sogi Informatique Ltee. Fax:------------------------------------------------------------
===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================
|
|
