Firewall Wizards mailing list archives
RE: proxy firewall and email
From: "Dom De Vitto" <dom () devitto com>
Date: Fri, 7 Jan 2000 12:00:16 -0000
Firstly, Exchange 5.5 (&5.0?) has that daft 'encapsulated SMTP' bug, so anyone can relay through 5.5 (unless it's fully patched up).
[ Exchange patches are like CERT advisories, always very late and always very serious. ]

Secondly, I thought Raptor had a list of (max 30?) domains that it would accept for, so that should be set up, rather than accept any.

Thirdly, the mailer is broken if it even LOOKS at the From: field, or anything else in the 'DATA' portion. SMTP is about transfer, there is another RFC about what the 'DATA' bit means - most mailers only prepend an appropriate 'Received' (as per the RFC) to the DATA.

Once you've punched the domain lists into Raptor I see much of the problem going away, if it isn't MAIL TO someone@domain the mail won't ever be accepted by the Raptor box.

You may well want to enable MAPS RBL'ing and as that means the FW does DNS lookups, a local caching DNS server would help with speed & resilience.

Best of luck,
Dom

PS. Wow, I get to answer a question from Phoneboy, I must be good or wrong :)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto
Secure Technologies Ltd.
Mob. 07971 589 201
mailto:dom () devitto com
Tel. 01202 738 767
http://www.devitto.com
Fax. 08700 548 750
The views expressed herein are not necessarily those of me, I MaaaaaaaD.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-----Original Message-----
From: owner-firewall-wizards () lists nfr net [mailto:owner-firewall-wizards () lists nfr net]On Behalf Of dwelch () uswestmail net
Sent: Wednesday, January 05, 2000 12:21 AM
To: neil.ratzlaff () ucop edu
Cc: firewall-wizards () lists nfr net
Subject: Re: proxy firewall and email

Exchange should be able to do some of this. Exchange 5.5 has the ability to turn off mail relaying (i.e. only send email to or from a particular domain). That way they could at least prevent people from using their SMTP server as a spam relay. It's possible the presence of Raptor may short-circuit that.

-- Dameon

On Mon, 03 January 2000, Neil Ratzlaff wrote:

The Raptor firewall accepts all mail and passes it to the smtp server for delivery. If the recipient is not a valid user, the mail gets bounced by the smtp server, but to the address in the From field, not to the sender or last smtp server. Since you can put anything you want to in that field, you can send spam via this relay, albeit perhaps slowly. The firewall does not keep a list of legitimate users, so it can't reject mail as it should. I am sure other places have dealt with this process, so how can I advise this site to fix their setup? I would expect that Raptor should be able to hook into Exchange to validate recipients, but the site admin tells me it can't. I would be happy to tell them how to make Raptor just check that the recipient domain is correct, which should be easy to check. A post from the May99 archive of this list strongly suggests this is the correct way to proceed.

--
Dameon D. Welch, a.k.a. PhoneBoy (dwelch () phoneboy com)
Check Point FireWall-1 FAQs at http://www.phoneboy.com/fw1/
The views expressed herein are not necessarily those of anyone else.
--
Signup for your free USWEST.mail Email account http://www.uswestmail.net

Attachment: Domenico De Vitto.vcf
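
The recipient-domain check discussed in this thread, as an added example (not from the original posts, and not Raptor's or Exchange's own logic): the decision is made at RCPT TO from the envelope alone, so an unacceptable recipient is refused in-session instead of being accepted and bounced later to whatever the From: field claims. The domain list, function names and sample session are constructed, and the refusal of routing characters in the local part goes beyond what the thread describes.

```python
# Constructed list of the domains the gateway accepts mail for (assumption).
ACCEPTED_DOMAINS = {"example.org", "mail.example.org"}

def rcpt_decision(rcpt_arg, accepted=ACCEPTED_DOMAINS):
    """Return the SMTP reply (code, text) for one RCPT TO argument.

    Only the envelope recipient is examined; nothing from DATA is used."""
    addr = rcpt_arg.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    local, sep, domain = addr.rpartition("@")
    if not (sep and local and domain):
        return (501, "bad address syntax")
    # Compare case-insensitively and ignore a trailing root dot.
    if domain.rstrip(".").lower() not in accepted:
        return (550, "relaying denied")
    # A local part that itself carries routing ('%', '!', a second '@' or a
    # source route) asks the gateway to forward elsewhere. Refuse it; this
    # conservative rule also refuses quoted local parts containing '@'.
    if any(c in local for c in "%!@"):
        return (550, "relaying denied")
    return (250, "OK")

def session_replies(commands, accepted=ACCEPTED_DOMAINS):
    """Replies for a constructed command sequence. DATA is refused unless a
    recipient was accepted, so nothing is queued that would bounce later."""
    replies, rcpts = [], 0
    for line in commands:
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        if verb == "MAIL FROM":
            rcpts = 0
            replies.append((250, "OK"))
        elif verb == "RCPT TO":
            reply = rcpt_decision(arg, accepted)
            rcpts += reply[0] == 250
            replies.append(reply)
        elif verb == "DATA":
            replies.append((354, "send message") if rcpts
                           else (554, "no valid recipients"))
        else:
            replies.append((502, "not implemented in this sketch"))
    return replies

if __name__ == "__main__":
    sample = [  # constructed session, not a capture
        "MAIL FROM:<anyone@forged.example>",
        "RCPT TO:<target@elsewhere.example>",
        "DATA",
    ]
    for cmd, reply in zip(sample, session_replies(sample)):
        print(f"{cmd:40} -> {reply[0]} {reply[1]}")
```
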
Current thread:
- proxy firewall and email Neil Ratzlaff (Jan 03)
- <Possible follow-ups>
- Re: proxy firewall and email dwelch (Jan 04)
- Re: proxy firewall and email Thorkild Stray (Jan 06)
- RE: proxy firewall and email Dom De Vitto (Jan 07)
- RE: proxy firewall and email Jason Diesel (Jan 04)