[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Restrict telnet to port 25 via firewall.
Sure, you can restrict access to the SMTP port. Be aware though that any network/domain you restrict won't be able to send legitimate mail either. If you are worried about external users impersonating you users, disable the VRFY function and do name mapping to help (this is not a fool-proof solution) mask legitimate usernames. If you worry about users from your organization impersonating other users you will need to keep good logs and be prepared to investigate. You can do authorization with ident but then you still fall prey to the legitimate vs. illegitimate user issue. Ident info is easy to spoof. I admit to being a bit behind the times when it comes to email but there may be something equivalent to source routing verification with newer mail servers. You may be able to create this situation with a border mail relay. For example, if you have a mail gateway and a mail host you can have the mail GW only accept mail for domain.com from hosts not within mail.com. Likewise, the mail host will only accept mail from internal hosts and the GW. Chris -----Original Message----- From: Navin Mehra/MUM/IN/STTL To: [email protected] Sent: 3/24/02 11:52 PM Subject: [FW-1] Restrict telnet to port 25 via firewall. Hi, I have a Lotus Notes mail server behind my firewall (Checkpoint 4.1 sp4), the problem is anyone from outside is able to telnet my smtp port 25 and compose a mail and send it. The issue is though my mail server restricts free relay he/she can compose a mail via telnet to port 25 in name of anyone else in the same domain and send a false mail on his behalf. So is there anyway where by I can block the telnet to port 25 and thereby stop the composition of a mail. Is there a way to authorise the telnet to service ports. Requesting assistance Regards Navin Mehra Softcell Technologies Ph. 460 6969 Extn. 220 ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|