Firewall Wizards mailing list archives
RE: Allowing relay through Watchguard Firebox 1000
From: Frederick M Avolio <fred () avolio com>
Date: Sat, 21 Feb 2004 15:51:12 -0500
At 03:40 PM 2/21/2004 -0500, Karl D. Mueller wrote:
My suggestion is to remove the SMTP proxy alltogether from the watchguard, and just setup a port forward (1-to-1 NAT in watchguard-speak) directly to your server.
Ahhhrrrggggg. <sarcasm>You *will* find things are much faster without all those nasty firewall rules getting in the way.
</sarcasm>I was impressed that some people were actually using the SMTP proxy rather than just dynamic packet filtering on the Firebox. Take it out of the way? No, debug it, dammit. It is possible (as the poor gent with the Exchange server asked) that it is the inside server that's complaining. Look at the Firebox logs and the e-mail server logs. SMTP relays are funny things... they reject mail themselves and the reject mail if the server to which they tried to connect rejects the transaction.
I was so enamored with the Firebox SMTP Proxy, I wrote a column for them (a few years ago when I was on their advisory board). It is dated, but I do make a case for it. (http://www.avolio.com/columns/smtp_proxy.html.)
I suspect sometimes that I am the oldest person on this list... f _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Allowing relay through Watchguard Firebox 1000 Bob Alberti (Feb 21)
- Re: Allowing relay through Watchguard Firebox 1000 Frederick M Avolio (Feb 21)
- Re: Allowing relay through Watchguard Firebox 1000 Paul Robertson (Feb 21)
- Re: Allowing relay through Watchguard Firebox 1000 Patrick M. Hausen (Feb 23)
- <Possible follow-ups>
- RE: Allowing relay through Watchguard Firebox 1000 Karl D. Mueller (Feb 21)
- RE: Allowing relay through Watchguard Firebox 1000 Frederick M Avolio (Feb 21)
- RE: Allowing relay through Watchguard Firebox 1000 Marcus J. Ranum (Feb 23)
- RE: Allowing relay through Watchguard Firebox 1000 Karl D. Mueller (Feb 21)
- RE: Allowing relay through Watchguard Firebox 1000 Karl D. Mueller (Feb 26)