Fw: [FW1] mail / smtp security server problem



I checked the NAT and other than the Static-Hide NAT overlap all looks fine
to me.  I still haven't heard any responses directly in response to the 2
questions at the bottom.  Help anyone?  I think my boss will kill me if we
don't get mail at work again soon.  ;^)


<note> address removed below since response was directly to me.
----- Original Message -----

Subject: RE: [FW1] mail / smtp security server problem


> I recently had a very similar problem.  Mail could get in, but not out.  It
> turned out to be mis-configured NAT.  I don't know if that is the case with
> your firewall, but that is where I would start looking.  I discovered the
> problem by examining the log.
>
> David Hoobler
>
> > -----Original Message-----
> > From: K [SMTP:[email protected]]
> > Sent: Friday, July 27, 2001 7:56 PM
> > To: [email protected]
> > Subject: [FW1] mail / smtp security server problem
> >
> >
> > I am having some issues I've not seen before.  This is a small company
> > originally only dsl router running NAT on netopia.  We added a checkpoint
> > FW on a Linux appliance (Intrusion.com, PDS2100)
> >
> > New install is like this:
> >
> > router -internet legal inside and out (anti-spoofing etc...)
> > FW -external interface internet legal, internal NATted addresses.
> >
> > legal address range assigned to us is X.Y.Z.72/29
> > The internal interface of router is X.Y.Z.73
> > The external interface of the firewall is X.Y.Z.74
> > I configured an object for the mail server with Static NAT
> >      behind X.Y.Z.75    real IP 10.99.67.5/24
> > I configured a network object for all traffic on the 10.99.67.0/24 net to
> > hide behind
> >      X.Y.Z.76
> >
> > SMTP resources
> > "Badmailin" rule--     from *@ourdomain.com    to *                  reject
> > "Goodmailin" rule--    from *                  to *@ourdomain.com    accept
> > "Cleanupmail" rule--   from *                  to *                  reject
> >
> > Mail can get out
> > Mail cannot get in
> >
> > When I connect to mail.ourdomain.com on port 25 using terraterm a
> > connection is made but there is NO checkpoint banner.  (no I haven't
> > changed the banner yet, I'm still worrying about getting it working.)
> > (I ran cpconfig and didn't see an option like snmp to start and stop a
> > daemon as with snmpd, did I miss one?)
> >
> > QUESTION 1:  Might there be a NAT problem because I am hiding all of
> > internal net (10.99.67.0/24) behind X.Y.Z.76, while the mail server (on
> > the same net) is statically hiding behind X.Y.Z.75 ?  Or do you have any
> > other ideas?
> >
> > QUESTION 2:  Why don't I see the smtp security server banner when I
> > attach on 25?
> >
> > Additional insight welcome.
> >
> > K
> >
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
>


