NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Secure SMTP server used for spam relay



Side note... Have you considered restricting who can send mail to
receipients other than @yourdomain.com based on their IP address?  That
would be the best option and would render most of the question moot.

-----Original Message-----
From: Francis Lachance [mailto:[email protected]]
Sent: Monday, August 26, 2002 11:05 AM
To: [email protected]
Subject: [FW-1] Secure SMTP server used for spam relay


Hi,

It seems our CheckPoint FW-1 was used to relay spam mail, here are  the
details.

CheckPoint FW-1 4.1 SP6 on NT 4

We have no DMZ so our mail server is on the internal segment and have only
two valid address available to us (one for the fw external interface and one
for the router). We have a little mail server inside used by only a few
users.The FW-1 SMTP Security Server is enabled and I have the following
rules for SMTP: From Any to firewall smtp(incoming) accept From mailserver
to Any smtp(outgoing) accept The incoming resource states that the sender
can be anybody (*) but the recipients has to be in our domain
(*@ourdomain.com) The outgoing resource states that the sender has to be in
our domain
(*@ourdomain.com) and the recipients can be anybody.

The security group found out that spammers were using the firewall to relay
mail by changing the sender to be [email protected].

Since we only have a few users I changed the incoming resource to state that
the recipients can only be specific users
({user1,user2,user3}@ourdomain.com).
Same thing for the outgoing resource the sender has to match a valid user to
send.

After these changes I feeled we were ok but the security group stated that
we were still vulnerable to spammers and therefore had to disable our smtp
service. What they do is they run the chkspam perl script
(http://vancouver-webpages.com/pub/chkspam) against our firewall external
interface and get the following results: 220 CheckPoint Firewall-1 secure
SMTP server requires HELO: NO allows VRFY username verification: YES allows
EXPN forwarding expansion: NO allows bogus From: header: YES allows simple
mail relaying: YES may allow UUCP mail relaying: NO allows other mail
relaying: NO can mail to postmaster: NO can mail to webmaster: NO can mail
to abuse (RFC 2142): NO

That test looks like it was meant to test Sendmail server is there anyway
that a CheckPoint secure SMTP server can pass that kind of test ? Anybody
had that kind of trouble with the secure SMTP server ?

Thanks
Francis

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.