I have opened up a rule:
from "outside telnet site" destined for "mail-server" using "smtp->mail-resource" accept
and another:
from "not-us" destined for "mail-server" using "smtp" accept.
This first rule is to establish that our CVP server is not involved, else the service would read "smtp->cvp-resource" (as it has done but doesn't at the moment).
We were being spammed. As soon as we stopped CVP the spamming went away.
Mail now normally uses the second of the two rules and telnet to port 25 returns:
mail from:<[email protected]>
250 ok
rcpt to:<[email protected]>
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
Proving that the mail server is secure from spam relay.
Using telnet from the "outside telnet site", which is applied before the other, we can reproduce the spamming relay. The mail resource has been set up as:
This suggests that the firewall smtp security server is actually responsible for the relaying. The message arrives at "[email protected]" as long as the "somewhere.internet" email server is at a site that does not perform a reverse lookup on the mx and find that nthpole.com.au doesn't exist.
I am aware that we are not running the latest service pack on the firewall, but I reckon this is a pretty fundamental problem. There seem to be lots of recommendations to do the recipient filtering I have done, but mine won't work. Is there a tweak I'm missing?
Phoneboy (FireWall-1 FAQ: SMTP Security Server as a Spam Guard) alludes to a "bug":
"Several people mentioned it may be possible to use the SMTP Security Server as a spam relay in the following situation:
--
---------------------------------------------------------------------
Greg Stroot ----Technical Services Manager----
[email protected]
GCS P/L 97 Highbury Road Burwood Vic. 3125
http://www.gcs.com.au
ph: +61 3 9888 8522 fax: +61 3 9888 8511 mob: 0402 473 113
---------------------------------------------------------------------
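Added example, not part of the original post: the telnet check described above can be scored automatically by reading a captured session and listing every RCPT TO for a non-local domain that the server answered with a 2xx reply. The function name, the "C:"/"S:" transcript prefixes and the example.* domains are assumptions made for this illustration.

```python
import re

# Constructed sessions (not from the post). "C:" = probe client, "S:" = server.
REJECTING = """\
S: 220 mail.example.com ESMTP
C: MAIL FROM:<tester@example.net>
S: 250 ok
C: RCPT TO:<someone@example.org>
S: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
"""
RELAYING = """\
S: 220 fw.example.com ESMTP
C: MAIL FROM:<tester@example.net>
S: 250 ok
C: RCPT TO:<postmaster@example.com>
S: 250 ok
C: RCPT TO:<someone@example.org>
S: 250-accepted
S: 250 ok
"""
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^>]*)>", re.IGNORECASE)


def relayed_recipients(transcript, local_domains):
    """Return recipients in foreign domains that the server accepted (2xx)."""
    local = {d.lower() for d in local_domains}
    pending = None  # recipient whose reply we are still waiting for
    relayed = []
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        text = text.strip()
        if side == "C":
            m = RCPT_RE.match(text)
            pending = m.group(1) if m else None
        elif side == "S" and pending is not None:
            # "250-..." is a continuation line; only the final line decides.
            if len(text) >= 4 and text[3] == "-":
                continue
            domain = pending.rpartition("@")[2].lower()
            if text[:1] == "2" and domain not in local:
                relayed.append(pending)
            pending = None
    return relayed


if __name__ == "__main__":
    for name, session in (("direct", REJECTING), ("via resource", RELAYING)):
        print(name, relayed_recipients(session, ["example.com"]))
```

Running the same probe once through each firewall rule and comparing the two results shows which path accepts foreign recipients.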