Firewall Wizards mailing list archives

Re: Cisco PIX Version 6.3(3) SMTP Problem


From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 6 Jul 2005 08:51:15 -0400 (EDT)

On Tue, 5 Jul 2005, David M. Nicksic wrote:

I am using a PIX 520 v 6.3.3 and having a spam problem. A spam service
Postini is employed. I want to deny all SMTP traffic unless it comes from
one of the Postini servers. Can the PIX be configured to accomplish this?


Almost any firewall can, however you'll be out of e-mail if the provider
has to put up a new server because of an attack, failure, problem or
address change.  It's probably better to configure your mail server to
reject based on forward/reverse lookups; since you're dealing with one
zone, you'll be able to cache the lookups pretty well.

Note that Postini rejects mail if your server isn't reachable by it, so
it's not all that resilient if you're under attack or having server
issues[1].  Personally, I'd rather run MailScanner on a Postfix instance
than outsource something as critical as e-mail.

Paul
[1] Theoretically most things will retry, but you may want to test
critical pager/cell/alert stuff to make sure it won't just give up if
you're under conditions where contacting you becomes important.
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
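
The forward/reverse lookup check suggested in the message above, sketched as an added example that is not part of the original post or of any mail server's own code. The zone name `filter-provider.example`, the function names, and the DNS data are assumptions constructed so the block runs offline; a real deployment would resolve through the system resolver instead of the two dictionaries.

```python
import ipaddress
from functools import lru_cache

# Assumption: placeholder zone; use the zone your filtering provider publishes.
ALLOWED_ZONE = "filter-provider.example"

# Constructed DNS data (documentation address ranges), standing in for a resolver.
PTR = {
    "192.0.2.10": "mx1.filter-provider.example.",
    "192.0.2.66": "mx1.filter-provider.example.",  # PTR claims the zone, no matching A
    "192.0.2.99": "mx1.filter-provider.example.other.example.",  # look-alike suffix
    "198.51.100.7": "mail.other.example.",
}
A = {
    "mx1.filter-provider.example.": {"192.0.2.10"},
    "mx1.filter-provider.example.other.example.": {"192.0.2.99"},
    "mail.other.example.": {"198.51.100.7"},
}

def lookup_ptr(ip):
    """Reverse lookup: address -> hostname, or None when no PTR exists."""
    return PTR.get(ip)

def lookup_a(name):
    """Forward lookup: hostname -> set of addresses."""
    return A.get(name, set())

def in_zone(hostname, zone):
    """True only for the zone itself or a name on a label boundary below it."""
    host, zone = hostname.rstrip(".").lower(), zone.rstrip(".").lower()
    return host == zone or host.endswith("." + zone)

# One zone means few distinct answers, so a small cache covers most connections.
# lru_cache ignores DNS TTLs; call accept_client.cache_clear() on a timer.
@lru_cache(maxsize=1024)
def accept_client(ip):
    """Return (accepted, reason) for a connecting SMTP client address."""
    ip = str(ipaddress.ip_address(ip))  # normalise; raises ValueError on junk
    name = lookup_ptr(ip)
    if name is None:
        return False, "no PTR record"
    if not in_zone(name, ALLOWED_ZONE):
        return False, "PTR outside allowed zone"
    if ip not in lookup_a(name):  # the reverse answer alone proves nothing
        return False, "forward lookup does not confirm PTR"
    return True, "forward-confirmed in allowed zone"
```

Because acceptance follows the provider's DNS instead of a fixed address list, a new provider server is accepted as soon as its forward and reverse records are published.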

