Hi André,
in the SMTP resource definition you can configure the accepted recipient under
the Match tab.
This prevents spamming.
Hope it helps
:-)
peter
> -----Original Message-----
> From: André Münch [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, 20 October 2000 11:19
> To: [EMAIL PROTECTED]
> Subject: [FW1] Open Relay AND SMTP Security Server
>
> Hey there,
>
> All incoming mail is forwarded by the mail relay in the DMZ (sendmail) to
> the internal Exchange mail server. All outgoing mail is forwarded by the
> same mail relay.
>
> Now there is the following rule:
>
> ANY -> mail_relay Smtp_Scan accept
>
> The resource Smtp_scan directs the mail traffic to the CVP server in
> another DMZ segment. So far so good.
>
> I found out that the mail relay acts as an open relay. Why? I further
> found out that the FW-1 security server, which intercepts the connection,
> establishes the connection to the mail relay after CVP checking. Because
> of the rule above, this is the same with incoming and outgoing mail. The
> result is that the IP address of the internal FW-1 interface in the
> segment of the mail relay is the source IP address of all SMTP packets. So
> the relay can't differentiate between both directions. So how to tell the
> relay not to relay mail coming from outside to the outside?
> This seems to be a problem.
> One solution is to check outgoing mail after the relaying. I read
> somewhere that it's not recommended to involve the FW-1 SMTP security
> server for outgoing mail. Is this true? Maybe there are problems with NAT?
> Another solution is to check the From and To fields with a resource of the
> FW-1 security server. This causes some additional overhead besides the CVP
> checking.
> Any suggestions?
>
> thanks
>
> André
>
>
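
The situation in this thread, modelled as an added example that is not part of either message: because the security server opens its own connection to the relay, a relay policy keyed on client IP cannot tell directions apart, while a recipient match applied at the firewall can. The addresses, the domain, all function names and the separate rule for the Exchange server's outgoing mail are assumptions made for illustration.

```python
# Constructed addresses and domain (assumptions, not values from the thread).
FW_DMZ_IF = "192.0.2.1"          # firewall interface in the mail relay's segment
EXCHANGE = "10.0.0.25"           # internal Exchange server
LOCAL_DOMAINS = {"example.org"}  # domains the site receives mail for


def rcpt_domain(rcpt):
    return rcpt.rsplit("@", 1)[-1].lower()


def relay_accepts(peer_ip, rcpt):
    """Mail relay policy keyed on client IP: relay anywhere for trusted
    peers, otherwise accept local recipients only."""
    trusted_peers = {FW_DMZ_IF}  # outgoing mail arrives from this address
    return peer_ip in trusted_peers or rcpt_domain(rcpt) in LOCAL_DOMAINS


def firewall_accepts(src_ip, rcpt):
    """Hypothetical rule base with a recipient match: the firewall still
    sees the real source, so it can tell the two directions apart."""
    if src_ip == EXCHANGE:       # assumed separate rule for outgoing mail
        return True
    return rcpt_domain(rcpt) in LOCAL_DOMAINS  # incoming: own domains only


def relayed(src_ip, rcpt, recipient_match):
    """True if a message from src_ip to rcpt gets through the relay."""
    if recipient_match and not firewall_accepts(src_ip, rcpt):
        return False
    # The security server opens its own connection to the relay, so the
    # relay sees the firewall interface as the peer, never src_ip.
    return relay_accepts(FW_DMZ_IF, rcpt)


if __name__ == "__main__":
    outside = "203.0.113.7"      # constructed Internet sender
    for match in (False, True):
        for src, rcpt in [(outside, "someone@example.net"),
                          (outside, "user@example.org"),
                          (EXCHANGE, "partner@example.net")]:
            print(match, src, rcpt, relayed(src, rcpt, match))
```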