[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] RBL List?
Thanks for the response. I know all about the security servers (all of them) being terrible attempts at putting some extra security in FW-1 and I agree with you on their shortcomings (I'm only using the SMTP security server for inbound mail). I figured that if I can have an added layer of security for inbound mail, why not use them rather than having external mail servers connect directly to my Sendmail servers through the FW. My setup now has the firewall (SMTP security servers) doing nothing more than accepting the mail and fowarding it right to one of our two Sendmail servers who in turn forwards the mail to one of two virus scanning servers and into our internal Exchange environment. We originally had a security requirement for the Sendmail boxes, that requirement is no longer needed. Having said that, these boxes really aren't doing anything useful in my opinion other than being another hop and another set of boxes that have to be maintained. My thinking is that the firewall can just forward the mail directly to the virus scanning servers and get rid of the Sendmail boxes all-together, it's not that we are un-happy with them, I just don't feel they are providing anything we really need at this point. Again, the only problem is that I have a requirement to setup the RBL in the future so I am wondering if the Firewall can handle this. Thanks JMS -----Original Message----- From: Don [mailto:[email protected]] Sent: Wednesday, May 15, 2002 1:56 PM To: [email protected] Subject: Re: [FW-1] RBL List? > Does FW-1 v4.1 (SP4 specifically) support the use of the RBL (Realtime > Black Hole List) for SMTP. I am using the security servers currently > to process all of our inbound mail (which actually forwards from the > firewall(s) to 2 Sendmail servers but we are getting rid of the > Sendmail boxes for various > reasons) and have a requirement coming up to use the RBL for inbound mail to > help with SPAM. If FW-1 supports the RBL, how can this be configured, I > haven't found much thus far. Do yourself a favor, do not use the CheckPoint security servers. They are terrible pieces of software and should not be used except in an emergency. Configure a real mail relay for this purpose. If you are unhappy with sendmail, you can use postfix, qmail or exim instead. They all support anti-virus plugins and have RBL support. They scale much larger than the CheckPoint Security Server, they have fewer bugs, they do not crash as often, and they do not add any load to your firewall. Consider this: if there is a vulnerability in the SMTP security server, and you are running it, someone can compromise your firewall. If you are running a seperate mail relay, you will be safe. -Don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|