On 29 Jan 99, at 18:40, [EMAIL PROTECTED] wrote:
> Hi all,
> I was going through an evaluation of firewalls, starting with IBM
> firewall. When coming to spam prevention (which can be a firewall's job
> since unstopped spam can result DOS attacks, rite?), I realized there
> are a few methods:
> -restrict by IP address (but IBM firewall does not allow you to
> specify "all-but-certain-IP-addresses")
This isn't likely to help with spam, which is often relayed through
innocent SMTP servers. The only case in which it can help is when
spammers try to connect directly to your network's SMTP server.
> -restrict by Domain names (IBM firewall does not have any such
> feature documented)
Domain names are not part of the TCP/IP packet headers. An
application
proxy for mail *might* be able to check this, but the anti-spam
components
in recent versions of sendmail, etc., are a better place for such checks
to be implemented.
> -restrict by Key words in mail (IBM firewall does not have any such
> feature documented)
Again, an application proxy could try to implement this, but a tool
like
procmail, which is in a position to deal with entire *messages* makes a
better implementation point. What action should an application proxy
take
when detecting a forbidden keyword (which might span a packet
boundary...)
in a message some of which has already been forwarded to the server?
[Buffering whole messages on the firewall is probably a bad idea, since
deliberately malformed mail traffic could eat up all buffer space and
thus
act as a DoS attack....]
> Did I understand IBM firewall properly or is there any other
> firewall that does spam prevention?
I think two of the three features you've mentioned belong on the mail
server, and not on the firewall. The third, blocking specific IPs, is
of
extremely limited usefulness generally, and specifically provides
negligible protection against spam.
David G
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
