[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] CheckPoint FireWall-1 "INSECURE" SMTP server - BIG HOL E!!
Title: RE: [FW-1] CheckPoint FireWall-1 "INSECURE" SMTP server - BIG HOL E!! (Response to Miles' original post) Interesting finding... I tested your data as described below, and I am not convinced that this "allows relaying". The whole concept of relay restriction is that some destinations are permitted, and others are not. The syntax you suggest causes the message to be forwarded to the mail server defined in the SMTP resource rule (the "permitted destination"), but where does it go from there? Well, if you're using any mail server I've ever seen, absolutely nowhere. The firewall has done its job - as you noted in your original post, the SMTP security server does not forward to "forbidden" destinations as relay when properly configured. The destination mail server will drop the request, as it will be unable to find a user named "fred%hotmail.com" in its local address table. The blah%blah.com syntax won't be automatically converted to a valid address by any mail server I know of, much less forwarded, and even if it was, we're now talking about a problem on the mail server, not the firewall. As you noted, you can put whatever you want as long as it ends in @domain.com, but I fail to see the relevance. Example: 220 CheckPoint FireWall-1 secure SMTP server
As with all other security tools, the administrator is welcome to mis/non-configure their software, but this does not mean that the vendor has produced a faulty or insecure product. If anyone has successfully used the firewall-1 SMTP security server when properly configured as a relay, or accomplished anything with the data provided by Miles, please post. Dan Hitchcock -----Original Message-----
Hi all: I think this is only a problem if the mail server that FW-1 relays to is
I have both eSafe and ISVW in my environment. With either implementation,
(Now if we could only do something about those pointless out-of-office
Regards. Bob Webber
"Logic merely enables one to be wrong with authority" - Doctor Who "Firewall-1 (Joe Voisin)" <[email protected]>@beethoven.us.checkpoint.com>
Please respond to Mailing list for discussion of Firewall-1
Sent by: Mailing list for discussion of Firewall-1
To: [email protected]
I had the same problem when using a SMTP Scanning relay (Mcafee) It was receiving the mail, scanning it and then relaying it to the mail
I was blacklisted at orbz.org for nearly a day. I had to revert back to
I have also tried using the SMTP CVP scanning, but it does exactly the same
Regardless, I would always prefer to have something a bit more robust
Joe ======================================================================
-----Original Message-----
The Check Point Firewall-1 secure SMTP server will allow for mail
We have setup many installations of Trend Micros InterScan Viruswall, the
We have recently noticed that many of our customers have been
Defining a domain or multiple domains in the recipient field The 'match'
For example: 220 CheckPoint FireWall-1 secure SMTP server
Mail sent from [email protected] to [email protected], only the domain will
However, When the recipient is defined using special characters such as
For Example: 220 CheckPoint FireWall-1 secure SMTP server
Mail sent from [email protected] to jane%[email protected] will allow
Big problem... This should not be happening. We have had to make adjustments to all of our InterScan Viruswall
We have had to implement a mail server in a DMZ to accept all mail for
While many should say that it is not a good idea to have the Check Point
Why does all the documentation that I have read for configuring using
I've looked all over Check Point's website for any information about
So, In a nutshell, If you are using InterScan Viruswall or any of the
In my opinion The Check Point SMTP secure server is INSECURE and does not
It should NOT allow relaying. Don't use it unless you are prepared to be 'BLACKLISTED'. --
===============================================
===============================================
===============================================
|