Firewall Wizards mailing list archives

RE: Cisco PIX Version 6.3(3) SMTP Problem


From: "Hammerle, Tye" <Tye.F.Hammerle () snapon com>
Date: Wed, 6 Jul 2005 11:27:37 -0500

Postini can spool mail if your gateway is unreachable. Talk to your support
rep.

tye




-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of David M.
Nicksic
Sent: Wednesday, July 06, 2005 10:06 AM
To: 'Paul D. Robertson'
Cc: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] Cisco PIX Version 6.3(3) SMTP Problem


Thank you for your comments about Postini, that is most helpful.

DN

-----Original Message-----
From: Paul D. Robertson [mailto:paul () compuwar net] 
Sent: Wednesday, July 06, 2005 5:51 AM
To: David M. Nicksic
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Cisco PIX Version 6.3(3) SMTP Problem

On Tue, 5 Jul 2005, David M. Nicksic wrote:

I am using a PIX 520 v 6.3.3 and having a spam problem. A spam service 
Postini is employed. I want to deny all SMTP traffic unless it comes 
from one of the Postini servers. Can the PIX be configured to 
accomplish this?


Almost any firewall can; however, you'll be out of e-mail if the provider has
to put up a new server because of an attack, failure, problem or address
change.  It's probably better to configure your mail server to reject based
on forward/reverse lookups; since you're dealing with one zone, you'll be
able to cache the lookups pretty well.

Note that Postini rejects mail if your server isn't reachable by it, so it's
not all that resilient if you're under attack or having server issues[1].
Personally, I'd rather run Mailscanner on a Postfix instance than outsource
something as critical as e-mail.

Paul
[1] Theoretically most things will retry, but you may want to test critical
pager/cell/alert stuff to make sure it won't just give up if you're under
conditions where contacting you becomes important.
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."


_______________________________________________
firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
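
Added example, not part of the original thread or any poster's code: a Python sketch of the forward/reverse lookup check suggested above, accepting a connecting address only if its PTR name lies in the provider's zone and that name resolves back to the same address, with results cached per address. The zone `mx.provider.example`, the addresses and the `fake_reverse` resolver are constructed placeholders so the block runs offline.

```python
import socket

ZONE = "mx.provider.example"  # assumption: placeholder for the filtering provider's zone

def system_reverse(ip):
    """PTR lookup through the system resolver; [] on failure."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """Address lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def in_zone(host, zone):
    """True only for the zone itself or a real subdomain of it."""
    host, zone = host.rstrip(".").lower(), zone.rstrip(".").lower()
    return host == zone or host.endswith("." + zone)

def make_checker(zone, reverse=system_reverse, forward=system_forward):
    """Return allowed(ip): PTR name must be in zone AND resolve back to ip."""
    cache = {}  # no expiry here; expire entries in real use so address changes are seen
    def allowed(ip):
        if ip not in cache:
            cache[ip] = any(in_zone(n, zone) and ip in forward(n) for n in reverse(ip))
        return cache[ip]
    return allowed

# Constructed DNS data (documentation address ranges), so the example runs offline.
PTR = {
    "192.0.2.10": ["out1.mx.provider.example"],         # genuine relay
    "198.51.100.7": ["out1.mx.provider.example"],       # PTR claims the zone, forward disagrees
    "203.0.113.5": ["mx.provider.example.other.test"],  # zone name only as a prefix
}
A = {"out1.mx.provider.example": {"192.0.2.10"},
     "mx.provider.example.other.test": {"203.0.113.5"}}
REVERSE_CALLS = []

def fake_reverse(ip):
    REVERSE_CALLS.append(ip)
    return PTR.get(ip, [])

check = make_checker(ZONE, fake_reverse, lambda name: A.get(name, set()))
```

With the default resolvers (`make_checker(ZONE)`) the same check runs against live DNS.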
