Firewall Wizards mailing list archives
RE: Allowing relay through Watchguard Firebox 1000
From: "Karl D. Mueller" <karlm () acshelp com>
Date: Sat, 21 Feb 2004 16:55:24 -0500
I wasn't suggesting removing it permanently. My method of troubleshooting generally involves isolating systems that might cause more variables. If he removes the SMTP proxy, and his troubles magically cease, then focus on troubleshooting the Firebox; if not, it's probably the Exchange server. However, with the volume of newsgroup postings regarding Watchguard's SMTP proxy (and even a MS KB article specifically about it), I'd at least be a little suspicious of it.

Sorry if I was a little hasty in shooting off my reply without mentioning the "if that doesn't help, by all means put it back".

-----Original Message-----
From: Frederick M Avolio [mailto:fred () avolio com]
Sent: Saturday, February 21, 2004 3:51 PM
To: Karl D. Mueller; Bob Alberti
Cc: Firewall-Wizards
Subject: RE: [fw-wiz] Allowing relay through Watchguard Firebox 1000

At 03:40 PM 2/21/2004 -0500, Karl D. Mueller wrote:
> My suggestion is to remove the SMTP proxy altogether from the watchguard, and just set up a port forward (1-to-1 NAT in watchguard-speak) directly to your server.

Ahhhrrrggggg.

<sarcasm> You *will* find things are much faster without all those nasty firewall rules getting in the way. </sarcasm>

I was impressed that some people were actually using the SMTP proxy rather than just dynamic packet filtering on the Firebox. Take it out of the way? No, debug it, dammit. It is possible (as the poor gent with the Exchange server asked) that it is the inside server that's complaining. Look at the Firebox logs and the e-mail server logs. SMTP relays are funny things... they reject mail themselves and they reject mail if the server to which they tried to connect rejects the transaction.

I was so enamored with the Firebox SMTP Proxy, I wrote a column for them (a few years ago when I was on their advisory board). It is dated, but I do make a case for it. (http://www.avolio.com/columns/smtp_proxy.html.)

I suspect sometimes that I am the oldest person on this list...

f

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards