I haven't used the SMTP security servers, but I know a bit about email in general and Exchange 5.5 in particular. Are these relaying prohibited messages coming from your server, or the recipient server? It's probably the latter, which may indicate there's no reverse DNS entry associating your domain with the IP your firewall is running the SMTP security server on.
I hope this doesn't sound too 'baby talk', but I like to practice explaining things in simple terms; it helps me confirm my understanding of things and is good practice for dealing with users.

For example, in a typical SMTP session it'd look something like this:

    Source server -=> destination server

The source server connects and advertises itself to the destination: "Hello, I'm mail.xxx.com". Some destination servers, if they're set up securely, will then do a reverse DNS lookup and compare the result to the domain the server claims to be: "I see your IP address is 10.10.10.243. DNS agrees you are mail.xxx.com, so go ahead and send."

If the reverse DNS fails, the message will be kicked, since the server can't confirm the source server is authoritative for that domain.

Now, since the security server is in play, it functions as an SMTP proxy:

    source server -=> firewall -=> destination server

So, the destination server will see the session coming from the firewall, and thus the firewall needs to have a reverse DNS entry.

Hope this helps!

-----Original Message-----
From: Joven Guevarra [mailto:fatal_x@;YAHOO.COM]
Sent: Tuesday, November 12, 2002 7:51 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] SMTP Security Problem

Hi to all,

I have an Exchange 5.5 Server. Then I set up my SMTP Resource on our FW-1 to avoid spamming or relaying. Then I encountered problems like "mailbox unavailable" -> if I am sending from Yahoo to our domain, or "Relaying is Prohibited" -> if I am sending mails outside.

This is my setup:

    Exchange 5.5 (10.4.2.10) -----> FW-1 -----> Router Gateway

I used FW-1 to define a Static NAT for my Mail Server; from 10.4.2.10 it becomes a public IP.

This is my rule:

    any ---> mail Server -----> SMTP Resource --> accept
    outside interface (public ip)

Why is it that I am encountering these problems? How can I make it run right?

Thank You
Your Help is very much appreciated,
JGuevarra

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
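
Added example, not part of the original thread: a Python sketch of the receiving server's check described in the reply, extended with the forward lookup that confirms a PTR result. The function names, the in-memory DNS tables and the firewall address 10.10.10.1 are constructed for illustration; the resolvers are injectable so the sketch runs offline.

```python
import socket

def norm(name):
    return name.rstrip(".").lower()

def check_sender(peer_ip, helo_name,
                 reverse=socket.gethostbyaddr,
                 forward=socket.gethostbyname_ex):
    """Return (verdict, reason) for an SMTP peer, as a strict receiver would."""
    try:
        primary, aliases, _ = reverse(peer_ip)          # PTR lookup on the peer IP
    except (socket.herror, socket.gaierror):
        return ("reject", "no reverse DNS entry for " + peer_ip)
    ptr_names = {norm(n) for n in [primary, *aliases]}
    if norm(helo_name) not in ptr_names:
        return ("reject", "PTR %s does not match HELO %s"
                % (sorted(ptr_names), helo_name))
    try:
        _, _, addrs = forward(helo_name)                # forward confirmation
    except socket.gaierror:
        return ("reject", "HELO name does not resolve")
    if peer_ip not in addrs:
        return ("reject", "HELO name does not resolve back to " + peer_ip)
    return ("accept", "reverse and forward DNS agree")

# Constructed DNS data: the mail server has a PTR record, the firewall that
# proxies SMTP (10.10.10.1, an assumed address) has none.
PTR = {"10.10.10.243": "mail.xxx.com", "10.10.10.2": "fw.xxx.com"}
A = {"mail.xxx.com": ["10.10.10.243"]}

def fake_reverse(ip):
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return (PTR[ip], [], [ip])

def fake_forward(name):
    if norm(name) not in A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return (norm(name), [], A[norm(name)])

if __name__ == "__main__":
    # Direct session, then the same HELO arriving via the proxying firewall.
    for ip in ("10.10.10.243", "10.10.10.1", "10.10.10.2"):
        print(ip, check_sender(ip, "mail.xxx.com", fake_reverse, fake_forward))
```

Called with the default resolvers, `check_sender` queries live DNS, which shows what a destination server would see for the firewall's public address.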
