Firewall Wizards mailing list archives

FW-1 smtp security server


From: hermit1 <hermits () mac com>
Date: Tue, 02 Jan 2001 10:45:04 -0800

I activated the smtp security server in FW-1 to check incoming mail - it only checks incoming mail. It created 2 problems, an open mail relay and not recognizing some mail as smtp.

FW-1 appears to check with the mail server to see if a recipient is valid before sending the mail on to the mail server. This is good. FW-1 also appears to check with my mail server to see if the sender is valid before accepting the mail. This is BAD, given my setup. My sendmail is configured to consider any mail originating or ending in my domain as allowed. Since the relay point (firewall) is in my domain, all mail is considered valid by sendmail, hence the open relay.

The documentation implies I can put a long list of allowed domains in the Recipient field of the server Match tab, but since my current list is several dozen domains, that does not delight me. What do most people do? Is there a better way without setting up another mail server in some type of sandwich formation?


Second question:
Several hosts that used to send mail without problems (prior to FW-1 smtp server) now get dropped by the Reject All rule later on. Apparently the connections are recognized as smtp by sendmail, but not my FW-1. The log shows successful smtp connections accepted by the correct rule, and labeled as "smtp" service. The unsuccessful connections are labeled "mail" service which is how the Nokia /etc/service file lists port 25. Does anyone have any suggestions about what is going on?

Thanks,
hermit1




***************************************************
This is an email.  Don't rely on anything seen here
as being accurate without testing it yourself.
***************************************************

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
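
The relay problem described in the first question, as an added example that is not part of the original post and is neither sendmail's real rule set nor FW-1 code. It is a simplified model of the policy "mail originating or ending in my domain is allowed" once every connection arrives via the firewall; the domain `example.com`, the host `fw.example.com` and all function names are assumptions made for illustration.

```python
# Simplified model of the relay decision described in the post (constructed;
# not sendmail's rule set and not FW-1 code). All names are hypothetical.
LOCAL_DOMAIN = "example.com"       # assumption: the site's mail domain
FIREWALL_HOST = "fw.example.com"   # assumption: host running the SMTP security server

def domain_of(name):
    """Domain part of a mail address, or the host name itself if there is no '@'."""
    return name.rsplit("@", 1)[-1].lower()

def in_local_domain(name):
    """True for the local domain and its subdomains, not for look-alike suffixes."""
    d = domain_of(name)
    return d == LOCAL_DOMAIN or d.endswith("." + LOCAL_DOMAIN)

def relay_as_described(client_host, rcpt):
    """Policy from the post: accept if the mail originates OR ends in the domain."""
    return in_local_domain(client_host) or in_local_domain(rcpt)

def relay_recipient_only(client_host, rcpt, proxies=(FIREWALL_HOST,)):
    """Stricter variant: a connection from the proxy earns no trust by itself,
    so only the recipient domain decides. Other inside hosts may still relay out."""
    if client_host.lower() in proxies:
        return in_local_domain(rcpt)
    return in_local_domain(client_host) or in_local_domain(rcpt)

def via_proxy(original_client):
    """Behind the security server, the mail server sees only the firewall."""
    return FIREWALL_HOST

# Constructed sample deliveries: (original client, recipient)
SAMPLES = [
    ("mx.partner.test", "user@example.com"),        # inbound mail for the site
    ("mx.outside.test", "someone@elsewhere.test"),  # third party to third party
]

def evaluate(policy):
    """Verdict of a policy for each sample as the mail server would see it."""
    return [policy(via_proxy(client), rcpt) for client, rcpt in SAMPLES]

if __name__ == "__main__":
    print("as described  :", evaluate(relay_as_described))
    print("recipient only:", evaluate(relay_recipient_only))
```

Under the policy as described, the second delivery is accepted only because the connecting host is the firewall; deciding on the recipient domain for proxied connections rejects it while still accepting inbound mail.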

