Re: Allowing relay through Watchguard Firebox 1000

["Patrick M. Hausen" <hausen () punkt de>]

Hello!

> That's actually fine -- normally they don't WANT relaying of course -- but I
> have been unsuccessful in my attempts to tell the firebox "It's okay to
> relay from this domain or this set of IP addresses."

Of course Fred Avolio's last statement on the subject really
gets to the heart of the matter: first define your policy, then
check if the desired application is in compliance with it.

But there should be a quick technical solution, if I understand
your setup correctly - you already run an internal mail server
that is protected by the firewall, right?

Why not have the cellphone users use the mail server as a smarthost
if they are "internal" to your network? If they are "external", i.e.
connected to an arbitrary ISP, they should use that ISP's mail
server for relaying anyway.

HTH,

Patrick M. Hausen
Leiter Netzwerke und Sicherheit
-- 
punkt.de GmbH         Internet - Dienstleistungen - Beratung
Vorholzstr. 25        Tel. 0721 9109 -0 Fax: -100
76137 Karlsruhe       http://punkt.de
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards