Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] CVP and relaying

To: [email protected], "'[email protected]'" <[email protected]>
Subject: RE: [FW1] CVP and relaying
From: Jean-Pierre Harvey <[email protected]>
Date: Mon, 7 May 2001 09:16:32 +1000
Sender: [email protected]

Title: RE: [FW1] CVP and relaying

John,

It looks like you may want to permit all hosts on your subnet to relay mail off your mail server. If this is the case then you could add the 212.x.x.17 as a host that is not allowed to relay, and permit the rest. That way mail coming from outside the subnet will not be relayed.

The only issue is if you want your firewall to be able to relay also, like maybe for failure notification, then you will be unable to do so for internet addresses. However, it is more likely that the recipient for a failure notification would be local to the mail server anyway?

If you don't want any host being able to relay then do as Naresh suggests below.

Regards
JP

-----Original Message-----
From: Naresh Narang [mailto:[email protected]]
<snip>
I don't think firewall should be responsible for telling which IP address
the mail is coming from. Your SMTP server should accept mail for your domain
only not for other domains.

>From: John Hardly <[email protected]>
<snip>
>I discovered that my mail server (212.x.x.18 on my DMZ) became an Open Mail
>Relay
>when I installed a CVP with FW-1 4.1.
>Every smtp connection from the FW-1 to the mail server appears to come from
>212.x.x.17 (my localnet is nated behind 212.x.x.17 wich is the IP address
>of
>DMZ interface on my Firewall).
> Even if the SMTP connection come from outside my company, the mail server
>sees only
>that it comes from 212.x.x.17.

Prev by Date: Re: [FW1] Does FireWall-1 Pass SNA Traffic ?
Next by Date: [FW1]
Previous by thread: Re: [FW1] CVP and relaying
Next by thread: [FW1] Event viewer messages
Index(es):
- Date
- Thread