[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Anti-Spam/Relay w/ SMTP Security Server
Hi All, Several folks have asked for me to post this. Here's how you can limit spam/relaying with FW-1's SMTP security server. Note: If you search this list, or look at resources such as www.phoneboy.com -- you can probably find this information as well. I did find info in the FW v3.0b books. Anti-Spam/Relay Rules Using FW-1's SMTP Security Server In my implementation, I use two rules: A and B. Both are discussed below: A. DropSpam PURPOSE: Reject any email using the "!" or "%" syntax to relay mail off your mailserver(s) 1- Create an STMP Resource (call it DropSpam) 2- Within the Match tab, put the following: Sender: * Recipient: *{!,%}*@* Put this SMTP Resource in a rule BEFORE your SMTP accept rule for email to reject any attempts to relay off your SMTP box(es). This rule should look something like: Any == mailserver(s) == smtp-->DropSpam == REJECT B. GoodEmail PURPOSE: Accept only that email for which you MX/relay for. 1- Create an SMTP Resource (call it GoodEmail) 2- Within the Match tab, put the following: Sender: *@* Recipient: *@{domain1,domain2,domain3}.com If you're like me, and you have com and org top-level domains, you can use this syntax: *@{domain1,domain2,domain3}.{com,org} For example: *@{cnn,aol,up200}.{com,org} You could make individual rules for each domain for more security -- but the interest here is simplicity and efficiency. 3- Fill in Action2 tab with CVP/AV information -- if you use such a solution Use this SMTP Resource in a rule to accept email. This rule should look something like: Any == mailserver(s) == smtp-->GoodEmail == ACCEPT Therefore, your final rulebase should include the following rules to filter SMTP traffic: Any == mailserver(s) == smtp-->DropSpam == REJECT Any == mailserver(s) == smtp-->GoodEmail == ACCEPT Hope this helps someone. -- Chris __________________________________________________ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices! http://auctions.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|