Re: [FW-1] Stopping SMTP Relay on CP FW4.1



You have to block SMTP relaying on the FW-1 in a
SMTP Security resource because by default the FW-1
SMTP Security server is wide open to SMTP relaying.

Use objects/rules like this:

   First: Name: SMTP-Reject_dest
          Comment: Reject common redirection characters
          Exception Track: Log
          Notify Sender On Error
          Match Recipient: *{*%*,*!*}*
          Strip MIME of type:
          Don't Accept Mail Larger Than 999999 KB
          CVP Server Anti_Virus
          CVP Read/Write
          Allowed Chars: 8-bit

   Second: Name: SMTP-RCV
           Comment: Receive email for our domains
           Exception Track: Log
           Notify Sender On Error
           Match Recipient: {*@ourdomain_1.com,...,*@ourdomain_N.com}
           Strip MIME of type:
           Don't Accept Mail Larger Than 999999 KB
           CVP Server Anti_Virus
           CVP Read/Write
           Allowed Chars: 8-bit

With the two following rules:

Source Destination     Service                  Action Track Comment
any    our_SMTP_Server smtp -> SMTP-Reject_dest Reject Long  EMAIL with redirect characters
any    our_SMTP_Server smtp -> SMTP-RCV         Accept Long  EMAIL for our domains

All other incoming traffic is dropped by the catch all rule.

If we put only the second rule with nothing in the Match Recipient,
anyone can do SMTP relay through our FW-1 Security server!

At 22:28 2001-12-13 -0500, FW1-List wrote:
>I just found out that my CheckPoint Firewall is allowing SMTP Relaying.  How do I shut it off but still allow SMTP mail to come in and get redirected to my email server?  I tried using the rule ANY  FIREWALL  SMTP_Mapped  ACCEPT  (where I have smtp_mapped mapped over to my E2k server), but when I did this, all SMTP was rejected.  I put back my rule of ANY  FIREWALL  SMTP->email  ACCEPT  (where I had SMTP with a Resource called email) and email was allowed in again but it turned on relaying again.  Any suggestions??
>
>Any help would greatly be appreciated.
>
>Robert.


------------------------------------------------------------
Yves Belle-Isle V.P. VE2YBI YB17        Email: [email protected]
Systems Manager                         Tel:
Sogi Informatique Ltee.                 Fax:
------------------------------------------------------------
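
The rule order described in the reply above, as an added example that is not part of the original post or of any Check Point tooling: it evaluates constructed recipient addresses against the two Match Recipient patterns and shows why the reject resource has to come first. The matching semantics (`*` as any run of characters, `{a,b}` as alternation, case-insensitive), the modelling of an empty Match Recipient as `*`, and all function names are assumptions.

```python
import re

def expand(pattern):
    """Expand {a,b,...} alternation into plain '*' wildcard patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [p for alt in m.group(1).split(",") for p in expand(head + alt + tail)]

def matches(pattern, recipient):
    """True if the recipient matches any expanded alternative (assumed semantics)."""
    for p in expand(pattern):
        rx = ".*".join(re.escape(part) for part in p.split("*"))
        if re.fullmatch(rx, recipient, re.IGNORECASE):
            return True
    return False

def evaluate(rules, recipient):
    """First matching rule wins; anything unmatched hits the catch-all drop."""
    for name, pattern, action in rules:
        if matches(pattern, recipient):
            return action, name
    return "Drop", "catch-all"

# Rule order from the post; domain names are the post's own placeholders.
PAGE_RULES = [
    ("SMTP-Reject_dest", "*{*%*,*!*}*", "Reject"),
    ("SMTP-RCV", "{*@ourdomain_1.com,*@ourdomain_N.com}", "Accept"),
]
RCV_ONLY = PAGE_RULES[1:]                 # reject rule left out
OPEN_RCV = [("SMTP-RCV", "*", "Accept")]  # empty Match Recipient modelled as "*"

# Constructed sample recipients, not taken from any real log.
SAMPLES = [
    "alice@ourdomain_1.com",
    "bob%elsewhere.example@ourdomain_1.com",
    "elsewhere.example!bob@ourdomain_N.com",
    "carol@elsewhere.example",
]

if __name__ == "__main__":
    for rcpt in SAMPLES:
        row = [evaluate(r, rcpt)[0] for r in (PAGE_RULES, RCV_ONLY, OPEN_RCV)]
        print(f"{rcpt:40} page={row[0]:7} rcv_only={row[1]:7} open={row[2]}")
```

The second sample is the case that motivates the ordering: it ends in an accepted domain, so SMTP-RCV alone accepts it, and only the earlier SMTP-Reject_dest rule stops it.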
