NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] RBL List?



Thanks for the response.  I know all about the security servers (all of
them) being terrible attempts at putting some extra security in FW-1 and I
agree with you on their shortcomings (I'm only using the SMTP security
server for inbound mail).  I figured that if I can have an added layer of
security for inbound mail, why not use them rather than having external mail
servers connect directly to my Sendmail servers through the FW.  My setup
now has the firewall (SMTP security servers) doing nothing more than
accepting the mail and fowarding it right to one of our two Sendmail servers
who in turn forwards the mail to one of two virus scanning servers and into
our internal Exchange environment.

We originally had a security requirement for the Sendmail boxes, that
requirement is no longer needed.  Having said that, these boxes really
aren't doing anything useful in my opinion other than being another hop and
another set of boxes that have to be maintained.  My thinking is that the
firewall can just forward the mail directly to the virus scanning servers
and get rid of the Sendmail boxes all-together, it's not that we are
un-happy with them, I just don't feel they are providing anything we really
need at this point.

Again, the only problem is that I have a requirement to setup the RBL in the
future so I am wondering if the Firewall can handle this.

Thanks

JMS

-----Original Message-----
From: Don [mailto:[email protected]]
Sent: Wednesday, May 15, 2002 1:56 PM
To: [email protected]
Subject: Re: [FW-1] RBL List?


> Does FW-1 v4.1 (SP4 specifically) support the use of the RBL (Realtime
> Black Hole List) for SMTP.  I am using the security servers currently
> to process all of our inbound mail (which actually forwards from the
> firewall(s) to 2 Sendmail servers but we are getting rid of the
> Sendmail boxes for various
> reasons) and have a requirement coming up to use the RBL for inbound mail
to
> help with SPAM.  If FW-1 supports the RBL, how can this be configured, I
> haven't found much thus far.
Do yourself a favor, do not use the CheckPoint security servers.

They are terrible pieces of software and should not be used except in an
emergency. Configure a real mail relay for this purpose. If you are unhappy
with sendmail, you can use postfix, qmail or exim instead. They all support
anti-virus plugins and have RBL support. They scale much larger than the
CheckPoint Security Server, they have fewer bugs, they do not crash as
often, and they do not add any load to your firewall.

Consider this: if there is a vulnerability in the SMTP security server, and
you are running it, someone can compromise your firewall. If you are running
a seperate mail relay, you will be safe.

-Don

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.