[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Secure SMTP server used for spam relay
Side note... Have you considered restricting who can send mail to receipients other than @yourdomain.com based on their IP address? That would be the best option and would render most of the question moot. -----Original Message----- From: Francis Lachance [mailto:[email protected]] Sent: Monday, August 26, 2002 11:05 AM To: [email protected] Subject: [FW-1] Secure SMTP server used for spam relay Hi, It seems our CheckPoint FW-1 was used to relay spam mail, here are the details. CheckPoint FW-1 4.1 SP6 on NT 4 We have no DMZ so our mail server is on the internal segment and have only two valid address available to us (one for the fw external interface and one for the router). We have a little mail server inside used by only a few users.The FW-1 SMTP Security Server is enabled and I have the following rules for SMTP: From Any to firewall smtp(incoming) accept From mailserver to Any smtp(outgoing) accept The incoming resource states that the sender can be anybody (*) but the recipients has to be in our domain (*@ourdomain.com) The outgoing resource states that the sender has to be in our domain (*@ourdomain.com) and the recipients can be anybody. The security group found out that spammers were using the firewall to relay mail by changing the sender to be [email protected]. Since we only have a few users I changed the incoming resource to state that the recipients can only be specific users ({user1,user2,user3}@ourdomain.com). Same thing for the outgoing resource the sender has to match a valid user to send. After these changes I feeled we were ok but the security group stated that we were still vulnerable to spammers and therefore had to disable our smtp service. What they do is they run the chkspam perl script (http://vancouver-webpages.com/pub/chkspam) against our firewall external interface and get the following results: 220 CheckPoint Firewall-1 secure SMTP server requires HELO: NO allows VRFY username verification: YES allows EXPN forwarding expansion: NO allows bogus From: header: YES allows simple mail relaying: YES may allow UUCP mail relaying: NO allows other mail relaying: NO can mail to postmaster: NO can mail to webmaster: NO can mail to abuse (RFC 2142): NO That test looks like it was meant to test Sendmail server is there anyway that a CheckPoint secure SMTP server can pass that kind of test ? Anybody had that kind of trouble with the secure SMTP server ? Thanks Francis ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|