NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Stopping SMTP Relay on CP FW4.1



What a nice solution: You force all external emails to be rejected by the
                      lowest MX record for your domain and so to have to
                      use the next level MX record which point to your ISP.

So you have the ISP do the SMTP Relay blocking for you. THE PROBLEM IS THAN
IT WORK ONLY IF THE LOWEST LEVEL MX RECORD TO ACCEPT SMTP CONNECTION IS
CONFIGURED TO REJECT SMTP RELAY. But i now ask: how does this MX processor
block SMTP relay if it is behing a FW-1 doing content inspection.

PROBLEM WITH YOUR SOLUTION: Anyone using FW-1 2000 to send you email
                            thru a Security server can't because FW-1
                            try to send email only to lowest MX record.
                            For exemple i put you in the CC: field and
                            you won't receive it because my firewall
                            say "can't connect to final MTA"

So your solution work's for you but you are blocking legitime emails
to you and it depend on someone else, whose you don't have control on, to
do the dirty job of block SMTP RELAY.

See my previous post for a method which work for every one using
Security server off FW-1...

At 08:25 2001-12-14 -0500, Perbix, Michael wrote:
>actually I just gor a list of the SMTP servers from our ISP and put them in
>a group and added a rule that says...
>
>ISP_SMTP     Mail Server       SMTP     ALLOW
>Internal Users
>
>This way only SMTP mail being delivered from our ISP and internal users
>comes through.   Everything else is just rejected.  Quick and dirty, but it
>works, and no complaints so far.  Only problem is that if our ISP changes
>mailserver IP numbers or something.....
>
>  -mike
>
>> -------------------------------------
>> Michael Perbix
>> Telecommunications Specialist
>> Lower Merion School District
>>- Phone
>>- Fax
>>


------------------------------------------------------------
Yves Belle-Isle V.P. VE2YBI YB17        Email: [email protected]
Responsable des Systemes                Tel:Sogi Informatique Ltee.                 Fax:------------------------------------------------------------

=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
If you have any questions on how to change your
subscription options, email Ron Alcatraz at:
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.