Re: [FW1] Firewall doing spam relay ?
Thanks to: Chris F <[email protected]> and Assaf. <[email protected]> who responded with recommendations: SecurePoint - Checkpoint FireWall-1 Archive and ftp://ftp.ealaddin.com/pub/manuals/stop%20spammers.pdf

Turned out to be my debugging technique (I think). The key that I twigged on to was that Chris used a deny. What was happening for me was that the first filter was being applied and the firewall started doing proxy. When the session was set to fail because of the bad recipient, it used the subsequent more global accept (which also applied). I thought that only the first applicable rule was used; it cascaded down after the security server had already kicked in!

Chris F wrote:

Greg, found it ... see above

FW1 SMTP security server must also be protected

Our mail server isn't susceptible to this, I believe. My debugging rule was to open a small vulnerability (one specific site) and keep the bulk of email flowing directly to the mail server, which was not vulnerable.

> from "outside telnet site" destined for "mail-server" using "smtp->mail-resource" accept

and

> from "not-us" destined for "mail-server" using "smtp" accept.

I needed a new rule in between them which read:

from "outside telnet site" destined for "mail-server" using "smtp" deny

The resource.

> The mail now works to produce:

" rcpt to:<[email protected]> 554 Mailbox unavailable. "

MUCH BETTER :-)

--
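The rule ordering discussed in this message, as an added example that is not part of the original post: a toy Python model of the fall-through the poster reports, taken as an assumption from the post rather than verified FireWall-1 semantics. The names `evaluate`, `mail_resource`, `Rule` and the domain `example.org` are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

LOCAL_DOMAIN = "example.org"  # constructed domain standing in for "us"

def mail_resource(rcpt: str) -> bool:
    """Hypothetical stand-in for the post's mail-resource: local recipients only."""
    return rcpt.lower().endswith("@" + LOCAL_DOMAIN)

@dataclass
class Rule:
    src: str                    # source object; "not-us" matches any outside host
    service: str
    action: str                 # "accept" or "deny"
    resource: Optional[Callable[[str], bool]] = None

def evaluate(rules, src, rcpt, service="smtp"):
    """Return (decision, index of the deciding rule); no match means deny."""
    for i, rule in enumerate(rules):
        if rule.service != service or rule.src not in (src, "not-us"):
            continue
        if rule.action == "deny":
            return "deny", i
        if rule.resource is None or rule.resource(rcpt):
            return "accept", i
        # Assumption from the post: the resource failed the session, and
        # matching carries on to later rules instead of stopping here.
    return "deny", None

SITE = "outside telnet site"
ORIGINAL = [
    Rule(SITE, "smtp", "accept", mail_resource),   # debugging rule via the resource
    Rule("not-us", "smtp", "accept"),              # bulk mail straight to the server
]
# The fix from the post: an explicit deny between the two accepts.
FIXED = [ORIGINAL[0], Rule(SITE, "smtp", "deny"), ORIGINAL[1]]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        for rcpt in ("greg@example.org", "someone@elsewhere.test"):
            print(name, rcpt, evaluate(rules, SITE, rcpt))
```

With the original two rules the non-local recipient is accepted by the second, broader rule; with the deny in between it is refused while local mail from the same site still passes through the resource.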