just did a little testing (regarding possible solution in my last post)
if you send a mail from a user with NO SMTP address defined... it goes out
looking something like this
IMCEAEX-_O=<insert your organization name here>OU=<insert your site name
here>[EMAIL PROTECTED]
what is interesting is that it creates some sort of attempt at an email
address at the end... (not sure which fields this builds from, as it was a
test server i just inserted jkent as one of the names and the alias...or
something... but you can figure that out on your end)
then... I haven't played with SMTP filtering on Firewall-1 but I'd assume
that you could filter based on the From header containing (or beginning
with) simply IMCEAEX-_O= and leaving it at that ???? this would stop all
the outbound and the inbound would just bounce due to not being able to find
the recipient...
> -----Original Message-----
> From: Daniel Bocage [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, June 25, 2000 6:13 AM
> To: Robert MacDonald
> Cc: [EMAIL PROTECTED]; THELLIER,
> Francis (Kedros)
> Subject: Re: [FW1] SMTP per user
>
>
>
> Thankyou for your answers, what I meant was this:
>
> Some of our users will not be given permission to
> send/receive mail from
> Internet. How can I block them at the FW-1 (I couldn't find a
> way to do
> it on the Exchange 5.5 server)?
> For example I could write a huge list in the Recipients field
> of the SMTP
> resource but it would be impossible to manage (About 400
> users can send
> and 200 can't).
> Is there a way to obtain this list from an LDAP server for example?
>
> I share your idea about the policy but the managers are
> convinced that
> is the right way to go, so unless technically it's too complicated or
> difficult to manage they want to go for it.
>
> thanks,
> Ing. Daniel Bocage
>
> Robert MacDonald wrote:
>
> > Daniel,
> >
> > Your request is not very clear, but I'll try and
> > make some assumptions(ack!).
> >
> > If intention is to limit the number of emails
> > that an internal user may get, get/send, send,
> > then you'll most likely end up writing some
> > cludge script to accomplish this. This would
> > appear to be real nasty. Unless there are
> > packages out there that do this, I don't
> > think it's possible without a lot of work.
> >
> > If the intention is to limit the number of emails
> > someone can inject into your site, then sort-of.
> > FW-1 has a config that can do this. But then
> > if someone really wanted to send email into
> > your site, they can just break your site into
> > chunks.
> >
> > If I were you, I would look through that policy
> > you have and remind all offenders/abusers
> > of your mail system about non-work related
> > email usage.
> >
> > Then, if they continue, feel free to cut them
> > off, becuase your policy's abuse clause said so.
> >
> > Use technology to fix technological issues. Use
> > common sense and a thick, heavy policy for
> > all else ;).
> >
> > Robert
> >
> > - -
> > Robert P. MacDonald, Network Engineer
> > e-Business Infrastructure
> > G o r d o n F o o d S e r v i c e
> > Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
> >
> > >>> "Daniel Bocage" <[EMAIL PROTECTED]> 6/23/00 10:10:09 AM >>>
> > >
> > >How can I limit incoming and outgoing mail (SMTP) per user
> on a FW-1
> > >gateway?
> > >
> > >thanks,
> > >
> > > Ing. Daniel Bocage
>
>
>
> ==============================================================
> ==================
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
