NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Mail, Stripping and FW1



I'm currently running Checkpoint 4.1sp3 on a Sun Ultra5 with Solaris 2.6.  I
have configured FW1 to strip attachments at the firewall (which is working
fine). My mail server is a Mandrake Linux 7.2 running Sendmail 8.11.0.

The Problem:

My /var/log/mail/info file (on my mail server) has the following lines:

---%< snip ---
Jan 15 15:30:00 ogma sendmail[5211]: NOQUEUE: [192.168.7.1] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 15 15:30:00 ogma sendmail[5212]: NOQUEUE: [192.168.7.1] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 15 15:30:00 ogma sendmail[5213]: NOQUEUE: [192.168.7.1] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 15 15:30:00 ogma sendmail[5214]: NOQUEUE: [192.168.7.1] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 15 15:30:00 ogma sendmail[5215]: NOQUEUE: [192.168.7.1] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 15 15:30:00 ogma sendmail[5216]: NOQUEUE: [192.168.7.1] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
---%< snip ---

I'll get about 50 of these in a row in one shot.  (FYI:  192.168.7.1 is the
address of FW1 on it's internal interface).

If I do a netstat on my FW box, I see the following:

---%< snip ---
qfe0.52560           192.168.11.245.smtp  32120      0  8760      0
ESTABLISHED
qfe0.52561           192.168.11.245.smtp  32120      0  8760      0
ESTABLISHED
qfe0.52562           192.168.11.245.smtp  32120      0  8760      0
ESTABLISHED
qfe0.52563           192.168.11.245.smtp  32120      0  8760      0
ESTABLISHED
qfe0.52564           192.168.11.245.smtp  32120      0  8760      0
ESTABLISHED
qfe0.52485           192.168.11.245.smtp  32120      0  8760      0
FIN_WAIT_2
qfe0.52486           192.168.11.245.smtp  32120      0  8760      0
FIN_WAIT_2
qfe0.52487           192.168.11.245.smtp  32120      0  8760      0
FIN_WAIT_2
qfe0.52565           192.168.11.245.smtp  32120      0  8760      0
ESTABLISHED
qfe0.52566           192.168.11.245.smtp  32120      0  8760      0
ESTABLISHED
qfe0.52567           192.168.11.245.smtp  32120      0  8760      0
ESTABLISHED
---%< snip ---

and there are about 50+ of those smtp entries.

What I'm speculating is that because FW1 isn't sending a MAIL/EXPN/VRFY/ETRN
when communicating with my Sendmail server, it's hanging until the
connection times out, which then floods my logs.  But, I've never seen my
active connections on the FW clear out as we have a busy mail server.

I could be completely off base, as I consider myself a newbie, but my
questions are:  1)  Why doesn't FW1 send MAIL/EXPN/VRFY/ETRN to the mail
server during it's connection to MTA;  2) should I have 50+ smtp connections
when I do a netstat on my FW1 box;  3) if these two are legit problems, are
they related to each other?

Thanks in advance for your patience and help.

Christian

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.