Chris F <[EMAIL PROTECTED]>
and
Assaf. <[EMAIL PROTECTED]>
who responded with recommendations:
SecurePoint - Checkpoint FireWall-1 Archive
and
ftp://ftp.ealaddin.com/pub/manuals/stop%20spammers.pdf
Turned out to be my debugging technique (I think). The key that I twigged on to was that Chris used a deny. What was happening for me was that the first filter was being applied and the firewall started doing proxy. When the session was set to fail because of the bad recipient it used the subsequent more global accept (which also applied). I thought that only the first applicable rule was used; it cascaded down after the security server had already kicked in!
Chris F wrote:
Greg,
found it ... see above
I recently posted a Howto on this on this elist.
Please search the archives.
FW1 SMTP security server must also be protected against the use of "%" and "!" notation.
Our mail server isn't susceptible to this I believe.
My debugging rule was to open a small vulnerability (one specific site) and keep the bulk of email flowing directly to the mail server which was not vulnerable
> from "outside telnet site" destined for "mail-server" using "smtp->mail-resource" accept
and
> from "not-us" destined for "mail-server" using "smtp" accept.
I needed a new rule in between them which read:
from "outside telnet site" destined for "mail-server" using "smtp" deny
> The mail resource has been set up as:
>
> * Match
>   o Sender *
>   o Recipient *@{mel.gcs.com.au,syd.gcs.com.au,gcs.com.au}

The resource now works to produce:
"
rcpt to:<[EMAIL PROTECTED]>
554 Mailbox unavailable.
"
MUCH BETTER :-)
--
---------------------------------------------------------------------
Greg Stroot ----Technical Services Manager----
[EMAIL PROTECTED]
GCS P/L 97 Highbury Road Burwood Vic. 3125
http://www.gcs.com.au
ph: +61 3 9888 8522 fax: +61 3 9888 8511 mob: 0402 473 113
---------------------------------------------------------------------
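
An added example, not part of the original post and not FireWall-1's own matcher: a Python version of the recipient check that the resource above expresses, combined with rejection of the "%" and "!" notation mentioned in the thread. The function names, the glob/brace reading of the pattern, the 501 reply and the reason strings other than "Mailbox unavailable." are assumptions.

```python
import re
from fnmatch import fnmatchcase

# Recipient pattern exactly as shown in the post's resource definition.
RECIPIENT_PATTERN = "*@{mel.gcs.com.au,syd.gcs.com.au,gcs.com.au}"

def expand_braces(pattern):
    """Expand a single {a,b,c} group into separate glob patterns (assumed syntax)."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [head + alt.strip() + tail for alt in m.group(1).split(",")]

def check_rcpt(line, pattern=RECIPIENT_PATTERN):
    """Return (reply_code, reason) for one SMTP 'RCPT TO:<addr>' line."""
    m = re.fullmatch(r"\s*rcpt\s+to:\s*<([^<>\s]+)>\s*", line, re.IGNORECASE)
    if not m:
        return 501, "syntax error"
    addr = m.group(1).lower()
    # Exactly one "@": an explicit source route (<@hop:user@host>) has more.
    if addr.count("@") != 1 or addr.startswith("@"):
        return 554, "source route or malformed address"
    local = addr.split("@")[0]
    # "%" and "!" in the local part name a further hop behind a local domain.
    if "%" in local or "!" in local:
        return 554, "routing notation in local part"
    if any(fnmatchcase(addr, p) for p in expand_braces(pattern.lower())):
        return 250, "ok"
    return 554, "Mailbox unavailable."

# Constructed sample lines (not taken from the post).
SAMPLES = [
    "RCPT TO:<alice@gcs.com.au>",
    "rcpt to:<bob@syd.gcs.com.au>",
    "rcpt to:<carol@elsewhere.example>",
    "rcpt to:<carol%elsewhere.example@gcs.com.au>",
    "rcpt to:<elsewhere.example!carol@mel.gcs.com.au>",
    "rcpt to:<@gcs.com.au:carol@elsewhere.example>",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", *check_rcpt(s))
```

The domain match alone would accept the fourth and fifth sample lines, because both end in a listed domain; the local-part check is what refuses them.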
