Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Anti-Spam/Relay w/ SMTP Security Server

To: Will Schwartz <[email protected]>, Firewall One List <[email protected]>
Subject: RE: [FW1] Anti-Spam/Relay w/ SMTP Security Server
From: Chris F <[email protected]>
Date: Fri, 23 Feb 2001 07:46:44 -0800 (PST)
In-reply-to: <[email protected]>
Sender: [email protected]

I don't notice any impact.ut There must be some --
after all, FW1 does have to inspect the headers.
Though, it does it extremely fast :)

In my Solaris environment, I don't have any problems
with the SMTP security server checking inbound SMTP
traffic this way.

I understand that there are issues with the SMTP
security server for sending outbound. Just put your
outbound SMTP rule before any rule using the SMTP
resource, and you should bypass the SMTP security
server and be saved it's "issues" :)

HTH -- Chris

--- Will Schwartz <[email protected]>
wrote:
> 
> Is there a significant performance impact when using
> this in a production
> environment?
> 
> I know there is an impact when ever you use a
> security server.
> 
> Thanks for the good info, very helpful.
> Will
> 
> 
> 
> -----Original Message-----
> From: [email protected]
>
[mailto:[email protected]]On
> Behalf Of
> Chris F
> Sent: Thursday, February 22, 2001 10:56 AM
> To: Griffith, Joe; Firewall One List
> Subject: [FW1] Anti-Spam/Relay w/ SMTP Security
> Server
> 
> 
> 
> Hi All,
> 
> Several folks have asked for me to post this. Here's
> how you can limit spam/relaying with FW-1's SMTP
> security server.
> 
> Note: If you search this list, or look at resources
> such as www.phoneboy.com -- you can probably find
> this
> information as well. I did find info in the FW v3.0b
> books.
> 
> 
> Anti-Spam/Relay Rules Using FW-1's SMTP Security
> Server
> 
> In my implementation, I use two rules: A and B. Both
> are discussed below:
> 
> A. DropSpam
> PURPOSE: Reject any email using the "!" or "%"
> syntax
> to relay mail off your mailserver(s)
> 
> 1- Create an STMP Resource (call it DropSpam)
> 2- Within the Match tab, put the following:
>   Sender: *
>   Recipient: *{!,%}*@*
> 
> Put this SMTP Resource in a rule BEFORE your SMTP
> accept rule for email to reject any attempts to
> relay
> off your SMTP box(es). This rule should look
> something
> like:
> 
> Any == mailserver(s) == smtp-->DropSpam == REJECT
> 
> 
> B. GoodEmail
> PURPOSE: Accept only that email for which you
> MX/relay
> for.
> 
> 1- Create an SMTP Resource (call it GoodEmail)
> 2- Within the Match tab, put the following:
>   Sender: *@*
>   Recipient: *@{domain1,domain2,domain3}.com
> 
> If you're like me, and you have com and org
> top-level
> domains, you can use this syntax:
> *@{domain1,domain2,domain3}.{com,org}
> 
> For example:
> *@{cnn,aol,up200}.{com,org}
> 
> You could make individual rules for each domain for
> more security -- but the interest here is simplicity
> and efficiency.
> 
> 3- Fill in Action2 tab with CVP/AV information -- if
> you use such a solution
> 
> Use this SMTP Resource in a rule to accept email.
> This
> rule should look something like:
> 
> Any == mailserver(s) == smtp-->GoodEmail == ACCEPT
> 
> Therefore, your final rulebase should include the
> following rules to filter SMTP traffic:
> 
> Any == mailserver(s) == smtp-->DropSpam == REJECT
> Any == mailserver(s) == smtp-->GoodEmail == ACCEPT
> 
> 
> Hope this helps someone.
> 
> -- Chris
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - Buy the things you want at great
> prices!
> http://auctions.yahoo.com/
> 
> 
>
============================================================================
> ====
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
> 
> 
> 
>
================================================================================
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
================================================================================


__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices! http://auctions.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] Anti-Spam/Relay w/ SMTP Security Server
  - From: "Will Schwartz" <[email protected]>

Prev by Date: [FW1] DMZ Setup
Next by Date: RE: [FW1] High Port FTP
Previous by thread: RE: [FW1] Anti-Spam/Relay w/ SMTP Security Server
Next by thread: [FW1] GUI 4.1 (41813) Unstable?
Index(es):
- Date
- Thread