Re: [FW-1] Smtp Resource FW-1 NG
First you have to block SMTP relaying on the Notes Box, and if you use an SMTP Security server (like for CVP) you need to block those on the FW-1 in an SMTP Security resource too, because by default the FW-1 SMTP Security server is wide open to SMTP relaying.

I have a SMTP/POP3 post.office server running on a box. Before I installed a FW-1 in front of it, it was fully closed to unwanted SMTP relaying by using rules in the post.office SMTP relay. When we put the FW-1 in front of it, it was fine too, but as soon as I added a SMTP Security server in a resource to use CVP (for virus checking) it became wide open to SMTP relaying until I changed my SMTP Security resources to:

First:

    Name: SMTP-Reject_dest
    Comment: Reject common redirection characters
    Exception Track: Log
    Notify Sender On Error
    Match Recipient: *{*%*,*!*}*
    Strip MIME of type:
    Don't Accept Mail Larger Than 999999 KB
    CVP Server Anti_Virus CVP Read/Write
    Allowed Chars: 8-bit

Second:

    Name: SMTP-RCV
    Comment: Receive email for our domains
    Exception Track: Log
    Notify Sender On Error
    Match Recipient: {*@ourdomain_1.com,...,*@ourdomain_N.com}
    Strip MIME of type:
    Don't Accept Mail Larger Than 999999 KB
    CVP Server Anti_Virus CVP Read/Write
    Allowed Chars: 8-bit

With the two following rules:

    Source  Destination      Service                   Action  Track  Comment
    any     our_SMTP_Server  smtp -> SMTP-Reject_dest  Reject  Long   EMAIL with redirect characters
    any     our_SMTP_Server  smtp -> SMTP-RCV          Accept  Long   EMAIL for our domains

All other incoming traffic is dropped by the catch all rule.

If we put only the second rule with nothing in the Match Recipient, anyone can do SMTP relay thru our FW-1 Security server!

At 14:13 2001-11-29 +0700, Suriyanto Limah wrote:
>So far we have set up the Notes Box so any relay will be rejected
>automatically.
>But this attack still makes the server very busy...
>
>Do you have any other idea to solve this?
>
>Thanks
>Suriyanto
>
>
>Rocky Stefano <[email protected]> on 11/29/2001 11:03:15 AM
>
>Please respond to Mailing list for discussion of Firewall-1
>      <[email protected]>
>
>To: [email protected]
>cc: (bcc: Suriyanto Limah/AIN/ACI)
>Subject: Re: [FW-1] Smtp Resource FW-1 NG
>
>Don't use Checkpoint to fix the crap your notes server won't do. Fix the
>relay on your notes box
>
>----- Original Message -----
>From: "Suriyanto Limah" <[email protected]>
>To: <[email protected]>
>Sent: Wednesday, November 28, 2001 8:51 PM
>Subject: Re: [FW-1] Smtp Resource FW-1 NG
>
>
>> Hi Matt,
>>
>> We have the same problem as you. Now our Notes SMTP is used by outsiders as
>> a relay.
>> Could you please tell me how to configure a rule to stop this action?
>>
>> I use Check Point FW-1 version 4.0.
>>
>> Thanks
>> Suriyanto
>>
>>
>> Matthew Hale <[email protected]> on 11/29/2001 06:33:28 AM
>>
>> Please respond to Mailing list for discussion of Firewall-1
>>       <[email protected]>
>>
>> To: [email protected]
>> cc: (bcc: Suriyanto Limah/AIN/ACI)
>> Subject: [FW-1] Smtp Resource FW-1 NG
>>
>>
>> Hi,
>>
>> I have a Checkpoint FW-1 NG firewall configured with a rule which uses
>> an smtp resource to stop people using my machines as a relay. I have
>> configured the resource to allow mails up to 100000kb. Here's the
>> problem: when I send a small mail, say less than 1mb, the mail is
>> transferred to the mail server ok. When I send a mail (from an external
>> mail account) with an attachment, say 2mb, it bounces back to me saying
>> 'to much data'. I used Checkpoint FW-1 4.1 for 2 years with this very
>> same rule and had no problems. Has anyone seen this problem with NG? I
>> did a fresh install of NG on a compaq server running Redhat 7.
>>
>> Thanks
>>
>> Matt
>>

------------------------------------------------------------
Yves Belle-Isle V.P. VE2YBI YB17    Email: [email protected]
Responsable des Systemes            Tel:
Sogi Informatique Ltee.             Fax:
------------------------------------------------------------
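Added example (not part of the original message, and not Check Point code): a Python model of the first-match evaluation of the two resources described in the reply, showing why SMTP-Reject_dest has to sit above SMTP-RCV and why an empty Match Recipient relays for anyone. The brace/wildcard matcher is only an approximation of the resource pattern syntax; the second domain, the elsewhere.example host and all sample recipients are constructed.

```python
import fnmatch
import re

def expand_braces(pattern):
    """Expand {a,b,...} alternation into a list of plain wildcard patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(head + alt + tail))
    return out

def matches(pattern, recipient):
    """Assumed semantics: an empty Match Recipient matches every address."""
    if pattern == "":
        return True
    rcpt = recipient.lower()
    return any(fnmatch.fnmatchcase(rcpt, p.lower())
               for p in expand_braces(pattern))

def decide(recipient, rules):
    """First matching rule wins; anything unmatched hits the catch-all drop."""
    for pattern, action in rules:
        if matches(pattern, recipient):
            return action
    return "drop"

REJECT_DEST = "*{*%*,*!*}*"                          # pattern from the post
RCV = "{*@ourdomain_1.com,*@ourdomain_2.com}"        # constructed domain list

TWO_RULES = [(REJECT_DEST, "reject"), (RCV, "accept")]
RCV_ONLY = [(RCV, "accept")]                         # reject rule missing
EMPTY_MATCH = [("", "accept")]                       # open-relay configuration

SAMPLES = [                                          # constructed recipients
    "alice@ourdomain_1.com",
    "bob%elsewhere.example@ourdomain_1.com",         # percent-style rerouting
    "elsewhere.example!bob@ourdomain_2.com",         # bang-path rerouting
    "bob@elsewhere.example",                         # plain third-party relay
]

if __name__ == "__main__":
    for rcpt in SAMPLES:
        print(f"{rcpt:45} two rules={decide(rcpt, TWO_RULES):7}"
              f" rcv only={decide(rcpt, RCV_ONLY):7}"
              f" empty match={decide(rcpt, EMPTY_MATCH)}")
```

The rerouted addresses end in a local domain, so SMTP-RCV alone accepts them; only the reject rule placed first stops them.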