[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Filtering incoming SMTP "from" your domain via SS
We solved this problem by having an email server system with a web interface for remote use. The users have to authenticate to the webserver so I don't need to keep track of their IP's. The email comes in and goes out from our internal SMTP server via our content security/anti-virus relay just as it would normally and it looks like they are always at work. ;-) This eliminates the domain conflict issue as well (as far as SPAM) since mail is still SMTPing from the inside out. This is just one option of course. >>> Marlo Montanaro <[email protected]> 06/04/02 01:36PM >>> We have remote users (usually from their home computers) who like to be able to reply to messages, or send new messages, and have everything look as if the email came from the company mail server. Additionally, all of our outgoing email is scanned for viruses (which cannot be guaranteed from any remote user). Because of the above scenario, it is not possible to have our remote users use their ISP's mail server as an outgoing mail server for company email. As a result, remote users are sending mail (sometimes to our domain) that appear to be coming from our domain- since they actually are from our domain, and also relaying off of our mail server to other domains so emails appear to come from a company email address (the nice part here is the outgoing virus scanning). The downside of this is that, since we have relay turned off from the outside, we have to explicitly allow users in by entering them into the mail server configuration as allowed. This means they have to have a static IP address or static hostname. In reality, many cable-modem subscribers, although they have DHCP addresses, have the same IP address for months or years- so it is not hard to keep up with. It is only the dial-up users who have a problem (it is unusable for them, in reality). Marlo -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Coleman, Clayton Sent: Tuesday, June 04, 2002 11:20 AM To: [email protected] Subject: [FW-1] Filtering incoming SMTP "from" your domain via SS Here's the scenario: We block all incoming mail not destined for our mail domains (to block relay) but we are also considering not allowing people to deliver mail to us that appear to come from our domain. Confusing? Simply put, should we allow someone from the Internet to deliver to our SMTP server "From: [email protected]" "To: [email protected]" since all mail from foxboro.com should come from internal? What would be the downsides of blocking someone from the Internet who tries to do that? And, can we do that in a resource...? I only think it works for the destination domain, not the source domain of the email. Thanks much. Clayton ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|