NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Inbound Mail


  • To: [email protected]
  • Subject: Re: [FW-1] Inbound Mail
  • From: "Covington, Chris" <[email protected]>
  • Date: Wed, 24 Sep 2003 11:42:41 -0400
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcOCsRFxygi+rEjlS6OHhW0kMvUCYQAAJ8Hw
  • Thread-topic: [FW-1] Inbound Mail

Don't waste a Public IP just for inbound port 25!  Use an existing
server that is already NATed (or the firewall itself) and allow the
"smtp_mapped" service to this server.  Under advanced properties of the
smtp_mapped rule change "MATCH" to
SRV_REDIRECT(25,internal.spam.filter.ip,25).  Then create a rule that
allows smtp to your internal spam filter server.  Point your external MX
records to the public IP that you've allowed smtp_mapped to.

Also, don't waste time with the SMTP Security service; it introduces too
many complications and doesn't solve any problems.

Chris

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of Sahli,
Mike
Sent: Wednesday, September 24, 2003 10:54 AM
To: [email protected]
Subject: [FW-1] Inbound Mail


Hello All
Sorry for the newbie question. We just got a CP Firewall (AI version)
running on a NOKIA IP380 (IPSO 3.7). I spent last week in class for it
and so now have to start setting it up. My question is what the best way
to handle inbound e-mail is. My thought was to set up a one for one NAT
for my e-mail receiving server ( A spam filter server that passes
cleaned mail to the real server) and then have all port 25 traffic to
this address passed through to the spam filter server. I see that the
FW-1 has a SMTP Security service but my understanding is that the FW
will then cache e-mail and I would rather not have it doing that work as
in class they stated this could be cpu intensive. Any thoughts or others
experience with getting e-mail in the firewall would be appreciated.

Michael D Sahli
Sr. Network Administrator
ACS/SMECO=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.