NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Filtering incoming SMTP "from" your domain via SS



1.  Several of the large dial-up ISPs do not allow port 25 (SMTP)
connections by clients to any but the ISP's own mail servers.  This prevents
spammers from using their dial-up services to reach and abuse unprotected
relay servers.  It also prevents your dial-up users from relaying via your
SMTP server.

2.  Rather than allow relaying for a longish list of static external
addresses, my preference is to equip remote users to connect via VPN, and
from there they can use the SMTP server as if they were on-site.

DG


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Marlo
Montanaro
Sent: Tuesday, June 04, 2002 10:37 AM
To: [email protected]
Subject: Re: [FW-1] Filtering incoming SMTP "from" your domain via SS


We have remote users (usually from their home computers) who like to be able
to reply to messages, or send new messages, and have everything look as if
the email came from the company mail server.  Additionally, all of our
outgoing email is scanned for viruses (which cannot be guaranteed from any
remote user).

Because of the above scenario, it is not possible to have our remote users
use their ISP's mail server as an outgoing mail server for company email.

As a result, remote users are sending mail (sometimes to our domain) that
appear to be coming from our domain- since they actually are from our
domain, and also relaying off of our mail server to other domains so emails
appear to come from a company email address (the nice part here is the
outgoing virus scanning).

The downside of this is that, since we have relay turned off from the
outside, we have to explicitly allow users in by entering them into the mail
server configuration as allowed.  This means they have to have a static IP
address or static hostname.  In reality, many cable-modem subscribers,
although they have DHCP addresses, have the same IP address for months or
years- so it is not hard to keep up with.  It is only the dial-up users who
have a problem (it is unusable for them, in reality).

Marlo

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Coleman,
Clayton
Sent: Tuesday, June 04, 2002 11:20 AM
To: [email protected]
Subject: [FW-1] Filtering incoming SMTP "from" your domain via SS


Here's the scenario:  We block all incoming mail not destined for our mail
domains (to block relay) but we are also considering not allowing people to
deliver mail to us that appear to come from our domain.  Confusing?
Simply put, should we allow someone from the Internet to deliver to our SMTP
server "From: [email protected]" "To: [email protected]" since all
mail from foxboro.com should come from internal?   What would be the
downsides of blocking someone from the Internet who tries to do that?
And, can we do that in a resource...?  I only think it works for the
destination domain, not the source domain of the email.
Thanks much.
Clayton

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.