Yes, it was a "telnet mailserver 25" -- from outside the firewall. In
essence, duplicating the problem that we are experiencing.

The SMTP server is unfortunately running Lotus Domino 5.0, and will
continue to use that for the foreseeable future.

We're hosting e-mail for a number of domains, so we need to be able to a)
allow incoming mail to all of those domains from anyone, and b) allow our
clients to use this same mail server to send mail to anyone [but only those
clients].

It appears to me that there's a bug in FW-1, since it allows the sender to
be <>....

Anyone?

Dave Grabowski
System Arts, Inc.
(212) 604-9015 x316
[EMAIL PROTECTED]


                                                                                       
                 
From:     Chad Graham <[EMAIL PROTECTED]>
Sent by:  [EMAIL PROTECTED]
Date:     05/26/2000 04:28 PM
To:       [EMAIL PROTECTED]
cc:
Subject:  Re: [FW1] Blank MAIL FROM: field in SMTP Security Server




Dave,

    The example below, I assume, was "telnet port 25". Was that done
on the SMTP server, or the firewall itself? The reason I ask is because
you say it can't be recreated on the internal mail server, but you also
say the second SMTP rule passes the mail. Is this server in a DMZ?
If it was done from the firewall and you have your security policy
enforce "inbound" traffic, traffic originating on the firewall will not
pass through the rulebase.

    You don't mention what OS the SMTP server is running. If you
are running Solaris with a version of Sendmail less than 8.9.1, I
would suggest upgrading to 8.9.1 (at least). Our mail server was
also being used to relay spam; upgrading Sendmail cut that out.

I apologize if all I did was tell you stuff you already know, hope
some of this might help.

Chad Graham
CDI Engineering

[EMAIL PROTECTED] wrote:

>
> Escape character is '^]'.
> 220 CheckPoint FireWall-1 secure SMTP server
> helo abc123
> 250 Hello abc123, pleased to meet you
> mail from: <>
> 250  <>... Sender ok
> rcpt to: <[EMAIL PROTECTED]>
> 250  <[EMAIL PROTECTED] Recipient ok
> data
> 354 Enter mail, end with "." on a line by itself
> subject: this should not work!
>
> argh!
> .
> 250 Ok
> quit
> 221 Closing connection
> Connection closed by foreign host.
>
> The FW-1 log indicates that the second rule passes the message.
>
> Help! Our internal mail server is running Lotus Notes, and according to our
> Notes Guy, he can't implement the same thing on the server itself. We'll be
> moving away from this server within six months or so, but we're getting hit
> with SPAM right now and it'd be great if we could stop it. We've been given
> the scarlet letter by ORBS...
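
The hosting requirement stated in this thread (accept mail for the hosted domains from anyone, relay outbound mail only for clients), written as a per-recipient relay decision. This is an added example, not part of the original messages and not FW-1 or Domino code; the hosted domains, the client network and the function names are constructed placeholders. The decision depends only on the connecting IP and the recipient domain, so a null sender `<>` neither grants nor blocks relaying.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
HOSTED_DOMAINS = {"example.com", "example.org"}
CLIENT_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def domain_of(address):
    """Return the lower-cased domain of an envelope address, or '' if none."""
    address = address.strip().strip("<>")
    return address.rpartition("@")[2].lower() if "@" in address else ""


def is_client(ip):
    """True when the connecting IP belongs to one of our client networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLIENT_NETWORKS)


def relay_decision(client_ip, mail_from, rcpt_to):
    """Decide one RCPT TO. Returns (smtp_code, reason).

    mail_from is accepted as a parameter but never consulted: the envelope
    sender is chosen by the connecting party, and the null sender <> is the
    reverse-path used by bounce messages, so it cannot authorize relaying.
    """
    rcpt_domain = domain_of(rcpt_to)
    if not rcpt_domain:
        return 501, "recipient has no domain"
    if rcpt_domain in HOSTED_DOMAINS:
        return 250, "inbound mail for a hosted domain"
    if is_client(client_ip):
        return 250, "outbound relay for a client network"
    return 550, "relaying denied"


def review_session(client_ip, mail_from, recipients):
    """Apply the decision to every recipient of one SMTP session."""
    return {r: relay_decision(client_ip, mail_from, r) for r in recipients}


if __name__ == "__main__":
    # Constructed session modelled on the transcript: outside host, null sender.
    for rcpt, verdict in review_session(
        "203.0.113.7", "<>", ["<user@example.com>", "<someone@elsewhere.test>"]
    ).items():
        print(rcpt, verdict)
```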





