RE: [FW1] SMTP per user

Sun, 25 Jun 2000 16:56:23 -0700 


What you are seeing is the x400 address....
On your IMS on the Exchange Server, there is a "restrictions" tab, Add the
users you wish to stop from sending emails to the Internet to that
list....and of course, delete the SMTP email address so they can not receive
external email....
Do not delete the X400 address!

Andy



-----Original Message-----
From: Jason Kent [mailto:[EMAIL PROTECTED]]
Sent: Sunday, June 25, 2000 11:37 AM
To: 'Daniel Bocage'; Robert MacDonald
Cc: [EMAIL PROTECTED]; THELLIER, Francis (Kedros)
Subject: RE: [FW1] SMTP per user



just did a little testing (regarding possible solution in my last post)

if you send a mail from a user with NO SMTP address defined... it goes out
looking something like this

IMCEAEX-_O=<insert your organization name here>OU=<insert your site name
here>[EMAIL PROTECTED]

what is interesting is that it creates some sort of attempt at an email
address at the end... (not sure which fields this builds from, as it was a
test server i just inserted jkent as one of the names and the alias...or
something... but you can figure that out on your end)

then... I haven't played with SMTP filtering on Firewall-1 but I'd assume
that you could filter based on the From header containing (or beginning
with) simply IMCEAEX-_O=   and leaving it at that ????  this would stop all
the outbound and the inbound would just bounce due to not being able to find
the recipient...




> -----Original Message-----
> From: Daniel Bocage [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, June 25, 2000 6:13 AM
> To: Robert MacDonald
> Cc: [EMAIL PROTECTED]; THELLIER, 
> Francis (Kedros)
> Subject: Re: [FW1] SMTP per user
> 
> 
> 
> Thankyou for your answers, what I meant was this:
> 
> Some of our users will not be given permission to 
> send/receive mail from
> Internet. How can I block them at the FW-1 (I couldn't find a 
> way to do
> it on the Exchange 5.5 server)?
> For example I could write a huge list in the Recipients field 
> of the SMTP
> resource but it would be impossible to manage (About 400 
> users can send
> and 200 can't).
> Is there a way to obtain this list from an LDAP server for example?
> 
> I share your idea about the policy but  the managers are 
> convinced that
> is the right way to go, so unless technically it's too complicated or
> difficult to manage they want to go for it.
> 
> thanks,
>     Ing. Daniel Bocage
> 
> Robert MacDonald wrote:
> 
> > Daniel,
> >
> > Your request is not very clear, but I'll try and
> > make some assumptions(ack!).
> >
> > If intention is to limit the number of emails
> > that an internal user may get, get/send, send,
> > then you'll most likely end up writing some
> > cludge script to accomplish this. This would
> > appear to be real nasty. Unless there are
> > packages out there that do this, I don't
> > think it's possible without a lot of work.
> >
> > If the intention is to limit the number of emails
> > someone can inject into your site, then sort-of.
> > FW-1 has a config that can do this. But then
> > if someone really wanted to send email into
> > your site, they can just break your site into
> > chunks.
> >
> > If I were you, I would look through that policy
> > you have and remind all offenders/abusers
> > of your mail system about non-work related
> > email usage.
> >
> > Then, if they continue, feel free to cut them
> > off, becuase your policy's abuse clause said so.
> >
> > Use technology to fix technological issues. Use
> > common sense and a thick, heavy  policy for
> > all else ;).
> >
> > Robert
> >
> > - -
> > Robert P. MacDonald, Network Engineer
> > e-Business Infrastructure
> > G o r d o n   F o o d    S e r v i c e
> > Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
> >
> > >>> "Daniel Bocage" <[EMAIL PROTECTED]> 6/23/00 10:10:09 AM >>>
> > >
> > >How can I limit incoming and outgoing mail (SMTP) per user 
> on a FW-1
> > >gateway?
> > >
> > >thanks,
> > >
> > >    Ing. Daniel Bocage
> 
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
> 


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to