NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] can't send SMTP mail



My Global rule allow traffic originate from firewall. And I also manually
create a rule to allow outgoing SMTP traffic to go out from the firewall. I
saw in the log that the SMTP mail did out go, but I always can't get the
mail when the NG policy is on.

But, my implementation is a bit different. Let me explain..  I am sending a
SMTP mail from a Checkpoint NG box, but the mail will go thru another
checkpoint firewall 2000 (on the same LAN) before going to the internet.  I
don't know whether it will affect the mail sending or not.  But I am sure
the second firewall shouldn't block it as when I unload the policy on my
checkpoint NG box without unload policy in my checkpoint 2000 (second
firewall), I will be get the mail.  Why??  Any idea??

From: "<Aaron Reynolds>" <[email protected]>

look at global properties.  Is the allow traffic originating from firewall
option checked?  If not you need to turn it on or create manual rules.

-Aaron

-----Original Message-----
From: Martin byford [mailto:[email protected]]
Sent: Tuesday, February 18, 2003 10:19 AM
To: [email protected]
Subject: [FW-1] can't send SMTP mail


Hi.. I found that I can't send the SMTP mail from the firewall itself when the firewall policy is on. But when I fw unload localhost, I have no problem sending it. I can't understand this. I thought firewall by default it will allow any traffic from the firewall itself regardless any policy installed on it right.

FYI.. I installed postfix SMTP client on the firewall and below is the
error
msg.
Feb 13 13:45:45 fw1 postfix/smtp[13177]: [ID 197553 mail.info] connect to
mx2
.hotmail.com[65.54.254.145]: Connection timed out (port 25)

Could it be related to the $FWDIR/conf/smtp.conf file, I found the default
timeout is 90s in my NG while the default timeout in my CP2000 is 900s
which
I have no problem sending SMTP mail.

bash-2.03# more smtp.conf
detailed_smtp_err_mail false
detailed_av_err_mail false
detailed_rb_err_mail false
max_ips_per_mx_node 1
max_mx_node_per_mail 5
max_conns_per_site 6
max_conns 40
max_mails_per_conn 20
spool_limit_scan_period 20
spool_limit 20000
timeout 90
scan_period 2
resend_period 600
abandon_time 43200
max_mail_size 1000
maxrecipients 50

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*
http://join.msn.com/?page=features/virus

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8.
http://join.msn.com/?page=features/junkmail

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.