Re: [FW-1] Filtering incoming SMTP "from" your domain via SS
Ok, so I *do* have a clue. :)

If your concern is a 'technical' measure to eliminate spam (volume/annoyance), locking this down won't do you much good, again because most spam isn't going to look like this anyway.

*However*, if your concern is social engineering-- i.e., someone outside forging a message from the president to get someone inside to take a specific action-- well, now, that's a darned good reason to take the extra precaution you describe. Never looked at it that way before but it's a good technique to use.

-----Original Message-----
From: Coleman, Clayton [mailto:[email protected]]
Sent: Tuesday, June 04, 2002 12:39 PM
To: [email protected]
Subject: Re: [FW-1] Filtering incoming SMTP "from" your domain via SS

You were correct in saying we want to prevent spammers from dumping things into our net and have them appear to be from our net.

In one example: Let's say someone sitting on their home dialup does this to our Internet SMTP server:

    MAIL FROM: [email protected]
    RCPT TO: [email protected]
    DATA
    Hey baby, let's hook up.
    .

We don't want that to happen... We would want the firewall to say "hey, since foxboro.com is internal, it can't be the source!"

I'm trying to determine what things could go wrong and could the security service have a problem doing it...

Clayton

-----Original Message-----
From: Russell Washington [mailto:[email protected]]
Sent: Tuesday, June 04, 2002 1:16 PM
To: [email protected]
Subject: Re: [FW-1] Filtering incoming SMTP "from" your domain via SS

I'm a little confused.

If someone is sending legitimate email to [email protected], you're accepting it. If the 'from' email address is forged to be [email protected], but the to address is still [email protected], there is a legitimate recipient for the message on your network.

I'm trying to determine the benefit to putting in the no-forge restriction. Is the idea to prevent spammers from dumping things into your net? If so, it's an interesting idea, but the spam I get rarely forges the from address as being specifically from *my* domain. On its face it sounds like added complexity with minimal benefit.

Could you perhaps clarify the intended goal?

-----Original Message-----
From: Coleman, Clayton [mailto:[email protected]]
Sent: Tuesday, June 04, 2002 8:20 AM
To: [email protected]
Subject: [FW-1] Filtering incoming SMTP "from" your domain via SS

Here's the scenario:

We block all incoming mail not destined for our mail domains (to block relay) but we are also considering not allowing people to deliver mail to us that appear to come from our domain.

Confusing? Simply put, should we allow someone from the Internet to deliver to our SMTP server "From: [email protected]" "To: [email protected]" since all mail from foxboro.com should come from internal?

What would be the downsides of blocking someone from the Internet who tries to do that? And, can we do that in a resource...? I only think it works for the destination domain, not the source domain of the email.

Thanks much.

Clayton
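
Added example (not part of the original thread and not Check Point's implementation): a sketch of the envelope check discussed above, combining the existing relay block with a rule that rejects an internal sender domain arriving from an external host. The domain foxboro.com comes from the thread; the internal network range, the function names and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions for this sketch: the internal domain is taken from the thread;
# the network range and all addresses below are constructed sample values.
INTERNAL_DOMAINS = {"foxboro.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def domain_of(path):
    """Return the lowercased domain of an SMTP path like '<user@Example.COM>'."""
    addr = path.strip().strip("<>").strip()
    if "@" not in addr:
        return ""          # null reverse-path '<>' (bounces) or malformed
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def is_internal_domain(domain):
    """True for an internal domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def check_envelope(client_ip, mail_from, rcpt_to):
    """Decide on one MAIL FROM / RCPT TO pair seen at the Internet-facing server."""
    from_internal_net = any(ipaddress.ip_address(client_ip) in n for n in INTERNAL_NETS)
    if from_internal_net:
        return "accept"                      # internal hosts may use internal senders
    if not is_internal_domain(domain_of(rcpt_to)):
        return "reject: relay denied"        # existing rule from the thread
    if is_internal_domain(domain_of(mail_from)):
        return "reject: internal sender domain from external host"
    return "accept"


# Constructed sample sessions: (client IP, MAIL FROM, RCPT TO)
SAMPLES = [
    ("203.0.113.7", "<president@foxboro.com>", "<staff@foxboro.com>"),
    ("203.0.113.7", "<someone@example.org>", "<staff@foxboro.com>"),
    ("203.0.113.7", "<>", "<staff@foxboro.com>"),
    ("203.0.113.7", "<a@example.org>", "<b@example.net>"),
    ("10.1.2.3", "<president@FOXBORO.COM>", "<staff@foxboro.com>"),
]

if __name__ == "__main__":
    for ip, frm, to in SAMPLES:
        print(ip, frm, to, "->", check_envelope(ip, frm, to))
```

The check covers only the envelope MAIL FROM; a forged From: header inside DATA is not seen at this stage. Legitimate outside senders that use the domain, such as roaming staff or third-party mailing services, would also be rejected unless exempted.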