Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Please help

To: "'Daniele Bortoluzzi'" <[email protected]>, [email protected]
Subject: RE: [FW1] Please help
From: "Brockhoven, Werner" <[email protected]>
Date: Thu, 27 Sep 2001 16:49:40 +0100
Sender: [email protected]

Hello,

Well smtp resource will catch all smtp connections and drop them.

You need 1 rule

any	-->	mailserver	--> smtp resource		--> accept

Then the resource properties(security server) will decide what is or is not
allow in.

Plus some editing of the Object.C file is needed according to

http://www.europe.f-secure.com/support/av-gateway/firewalls/faq.html

Q. How can I strip attachments in emails? 

A3: If you have installed Check Point FireWall-1 4.1 SP3 you have the option
to strip certain files based on the file extension. You need to define the
extension in /etc/fw/conf/objects.C. Add a forbidden section in the
resourcesobj part. In the example below, the resource is named
smtp-attachment. Close the firewall GUI before manipulating the objects.C
and reinstall the policy after the modification: 


:resourcesobj (resourcesobj 
    : (smtp-attachment 
        :maxsize (1000) 
        :allowed_chars ("8 bit") 
        :av_setting (none) 
        :av_server () 
        :color (blue) 
        :type (smtp) 
        :comments () 
        :err_notify (false) 
        :default_server () 
        :error_server () 
         : (match_from 
            : ("*") 
         ) 
         : (match_to 
            : ("*") 
         ) 
         : (from 
            : () 
         ) 
         : (to 
            : () 
            : () 
         ) 
         : (user_field 
            : () 
            : () 
            : () 
         ) 
        :except_track ("Exception Log" 
            :type (log) 
            :color (Blue) 
            :format (long) 
            :icon (log.pr) 
        ) 
        : (content-type 
            : () 
        ) 
        : (forbiddenfiles 
            : ("{*.vbs,*.exe}") 
        ) 
    ) 
) 

Regards,

Werner

-----Original Message-----
From: Daniele Bortoluzzi [mailto:[email protected]]
Sent: Thursday, September 27, 2001 10:37 AM
To: [email protected]
Subject: [FW1] Please help



Hi all,

I am new in firewall stuff...
I need some advice about stripping email attachments.

I made a rule like  any  -->  mailserver   -->  smtp resource -->  drop

And another below:

I made a rule like  any  -->  mailserver   -->  smtp  -->  accept


But it drops ALL incoming SMTP connections...
If someone helps me telling me how to use mi fw-1 to do this I will
appreciate it a lot :-)

(I am using the windows policy editor...)


ciao
Daniele


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] NAT Problem
Next by Date: [FW1] Port 1035 from MS?
Previous by thread: [FW1] Please help
Next by thread: [FW1] RE: Radius authentication - What shows the eventviewer?
Index(es):
- Date
- Thread