
Re: [FW-1] Stopping SMTP Relay on CP FW4.1



It's because % and ! in mail addresses are used to do redirection of email
with constructs like: somebody%[email protected]
which in some cases would be seen as mail for YourDomain and
processed as mail for OtherDomain. As they are not legally used
in mail addresses we can safely drop any email address with those

If you want to know if your mail server is really protected by
your FW-1 you can use mail-abuse.org test procedure as described at
http://www.mail-abuse.org/tsi/ar-test.html

To use it, from your MAIL SERVER console telnet to:
relay-test.mail-abuse.org

YOU MUST DO IT FROM YOUR MAIL SERVER!

That will try to connect to your port 25 (filtered by your FW-1)
and will try a lot of ways to relay email from your server.

It will show in the telnet window everything it tries and a final
result message. With my filter in place you should see this final one:

System appeared to reject relay attempts

Try it...

At 15:44 2001-12-17 +0600, [email protected] wrote:
>Hi Yves
>
>I just read that your solution did work. I would like to try this too. Can
>you please tell me the significance of
>"*{*%*,*!*}*" for match recipient? What exactly are redirection
>characters?
>
>I am pretty new to firewall admin
>
>Thanks
>
>Yves Belle-Isle <[email protected]> wrote on 14-12-2001 20:06
>
>
>You have to block SMTP relaying on the FW-1 in a
>SMTP Security resource because by default the FW-1
>SMTP Security server is wide open to SMTP relaying.
>
>Use objects/rules like this:
>
>   First: Name: SMTP-Reject_dest
>          Comment: Reject common redirection characters
>          Exception Track: Log
>          Notify Sender On Error
>          Match Recipient: *{*%*,*!*}*
>          Strip MIME of type:
>          Don't Accept Mail Larger Than 999999 KB
>          CVP Server Anti_Virus
>          CVP Read/Write
>          Allowed Chars: 8-bit
>
>   Second: Name: SMTP-RCV
>           Comment: Receive email for our domains
>           Exception Track: Log
>           Notify Sender On Error
>           Match Recipient: {*@ourdomain_1.com,...,*@ourdomain_N.com}
>           Strip MIME of type:
>           Don't Accept Mail Larger Than 999999 KB
>           CVP Server Anti_Virus
>           CVP Read/Write
>           Allowed Chars: 8-bit
>
>With the two following rules:
>
>Source Destination     Service                  Action Track Comment
>any    our_SMTP_Server smtp -> SMTP-Reject_dest Reject Long  EMAIL with redirect characters
>any    our_SMTP_Server smtp -> SMTP-RCV         Accept Long  EMAIL for our domains
>
>All other incoming traffic is dropped by the catch all rule.
>
>If we put only the second rule with nothing in the Match Recipient,
>anyone can do SMTP relay thru our FW-1 Security server!
>


------------------------------------------------------------
Yves Belle-Isle V.P. VE2YBI YB17        Email: [email protected]
Systems Manager                         Tel:
Sogi Informatique Ltee.                 Fax:
------------------------------------------------------------
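
The rule order described in the message above, as an added example that is not part of the original post or of Check Point's software: a small Python model that evaluates recipients against the two Match Recipient patterns, first match wins. It assumes `{a,b}` means alternation and `*` matches any run of characters; the function names and sample addresses are constructed for illustration.

```python
import re
from itertools import product

def expand_braces(pattern):
    """Expand {a,b,...} groups (one level, assumed syntax) into plain patterns."""
    parts = re.split(r"\{([^{}]*)\}", pattern)
    # Odd indices hold the brace contents, even indices the text around them.
    choices = [p.split(",") if i % 2 else [p] for i, p in enumerate(parts)]
    return ["".join(combo) for combo in product(*choices)]

def matches(pattern, recipient):
    """True if the recipient matches; '*' stands for any run of characters."""
    for alt in expand_braces(pattern):
        regex = ".*".join(re.escape(piece) for piece in alt.split("*"))
        if re.fullmatch(regex, recipient, re.DOTALL):
            return True
    return False

# The two resources from the post, in rule-base order. The "..." in the
# post's domain list is an elision, so only its two named entries are used.
RULES = [
    ("SMTP-Reject_dest", "*{*%*,*!*}*", "Reject"),
    ("SMTP-RCV", "{*@ourdomain_1.com,*@ourdomain_N.com}", "Accept"),
]

def evaluate(recipient, rules=RULES):
    """Return (action, rule name) of the first matching rule, else the catch-all."""
    for name, pattern, action in rules:
        if matches(pattern, recipient):
            return action, name
    return "Drop", "catch-all"

# Constructed sample recipients (not taken from any real log).
SAMPLES = [
    "alice@ourdomain_1.com",
    "bob%elsewhere.example@ourdomain_1.com",
    "elsewhere.example!bob@ourdomain_N.com",
    "bob@elsewhere.example",
]

if __name__ == "__main__":
    only_rcv = RULES[1:]                       # reject rule left out
    wide_open = [("SMTP-RCV", "*", "Accept")]  # empty Match Recipient, modelled as "*"
    for rcpt in SAMPLES:
        print(f"{rcpt:40} both={evaluate(rcpt)[0]:7}"
              f" rcv-only={evaluate(rcpt, only_rcv)[0]:7}"
              f" empty={evaluate(rcpt, wide_open)[0]}")
```

The rcv-only column shows why the reject rule has to come first: the redirect-style recipients end in an accepted domain and would otherwise match SMTP-RCV.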
