Firewall Wizards mailing list archives

RE: proxy firewall and email


From: "Dom De Vitto" <dom () devitto com>
Date: Fri, 7 Jan 2000 12:00:16 -0000

Firstly, Exchange 5.5 (&5.0?) has that daft 'encapsulated SMTP' bug,
so anyone can relay through 5.5 (unless it's fully patched up).
[ Exchange patches are like CERT advisories, always very late and
  always very serious. ]

Secondly, I thought Raptor had a list of (max 30?) domains that it
would accept for, so that should be set up, rather than accept any.

Thirdly, the mailer is broken if it even LOOKS at the From: field,
or anything else in the 'DATA' portion.  SMTP is about transfer,
there is another RFC about what the 'DATA' bit means - most mailers
only prepend an appropriate 'Received' (as per the RFC) to the DATA.

Once you've punched the domain lists into raptor I see much of the
problem going away, if it isn't MAIL TO someone@domain the mail won't
ever be accepted by the raptor box.  You may well want to enable MAPS
RBL'ing and as that means the FW does DNS lookups, a local caching DNS
server would help with speed & resilience.

Best of luck,
Dom
PS. Wow, I get to answer a question from Phoneboy, I must be good or wrong:)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto
Secure Technologies Ltd.                           Mob. 07971 589 201
mailto:dom () devitto com                             Tel. 01202 738 767
http://www.devitto.com                             Fax. 08700 548 750
The views expressed herein are not necessarily those of me, I MaaaaaaaD.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


-----Original Message-----
From: owner-firewall-wizards () lists nfr net
[mailto:owner-firewall-wizards () lists nfr net]On Behalf Of
dwelch () uswestmail net
Sent: Wednesday, January 05, 2000 12:21 AM
To: neil.ratzlaff () ucop edu
Cc: firewall-wizards () lists nfr net
Subject: Re: proxy firewall and email


Exchange should be able to do some of this. Exchange 5.5 has the ability to turn off mail relaying (i.e. only send 
email to or from a particular domain). That way they could at least prevent people from using their SMTP server as a 
spam relay. It's possible the presence of Raptor may short-circuit that.

-- Dameon

On Mon, 03 January 2000, Neil Ratzlaff wrote:

The Raptor firewall accepts all mail and passes it to the smtp server for 
delivery.  If the recipient is not a valid user, the mail gets bounced by 
the smtp server, but to the address in the From field, not to the sender or 
last smtp server.  Since you can put anything you want to in that field, 
you can send spam via this relay, albeit perhaps slowly.  The firewall does 
not keep a list of legitimate users, so it  can't reject mail as it should.

I am sure other places have dealt with this process, so how can I advise 
this site to fix their setup?  I would expect that Raptor should be able to 
hook into Exchange to validate recipients, but the site admin tells me it 
can't.  I would be happy to tell them how to make Raptor just check that 
the recipient domain is correct, which should be easy to check.  A post 
from the May99 archive of this list strongly suggests this is the correct 
way to proceed.

--
Dameon D. Welch, a.k.a. PhoneBoy (dwelch () phoneboy com)
Check Point FireWall-1 FAQs at http://www.phoneboy.com/fw1/
The views expressed herein are not necessarily those of anyone else.
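
Added example (not part of the original messages): a sketch of the envelope-level check the reply describes, where a gateway accepts RCPT TO only for a configured list of domains, never parses the DATA content, and addresses any bounce to the MAIL FROM sender rather than the From: header. LOCAL_DOMAINS, the function names and the session are constructed; refusing '%', '!' or a second '@' in the local part is an extra check that goes beyond what the thread states.

```python
# Added example, not from the thread. Domains and addresses are constructed.
LOCAL_DOMAINS = {"example.org", "mail.example.org"}  # assumed accept list

def rcpt_domain(path):
    """Domain of an SMTP forward-path like <user@Example.ORG>, else None."""
    addr = path.strip().lstrip("<").rstrip(">")
    if addr.startswith("@") and ":" in addr:  # drop a source route "@a,@b:"
        addr = addr.split(":", 1)[1]
    local, sep, domain = addr.rpartition("@")
    if not (sep and local and domain):
        return None
    if any(c in local for c in "%!@"):  # relay request hidden in local part
        return None
    return domain.rstrip(".").lower()

def gateway(session):
    """Process SMTP command lines; return (replies, bounce_address)."""
    replies, sender, accepted, in_data = [], None, [], False
    for line in session:
        if in_data:  # message content, From: included, is never parsed
            if line == ".":
                in_data = False
                replies.append("250 queued")
            continue
        verb = line.upper()
        if verb.startswith("MAIL FROM:"):
            sender = line[10:].strip()
            replies.append("250 ok")
        elif verb.startswith("RCPT TO:"):
            if rcpt_domain(line[8:]) in LOCAL_DOMAINS:
                accepted.append(line[8:].strip())
                replies.append("250 ok")
            else:
                replies.append("550 relaying denied")
        elif verb == "DATA":
            in_data = bool(accepted)
            replies.append("354 go ahead" if accepted else "554 no valid recipients")
    return replies, sender  # any bounce goes to the envelope sender

SESSION = [  # constructed session
    "MAIL FROM:<bulk@sender.example>",
    "RCPT TO:<someone@elsewhere.example>",
    "RCPT TO:<staff@Example.ORG>",
    "DATA",
    "From: forged@third-party.example",
    "",
    "body",
    ".",
]
```

Calling gateway(SESSION) refuses the off-site recipient at RCPT time, so no bounce is ever generated for it, and the forged From: line in the message content has no effect on the returned bounce address.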