You can create an SMTP resource on the firewall to help prevent this.
It's a relatively simple thing to configure...
To correct the open SMTP relay issue, you must create an SMTP resource
and use the Match option. You must then create a rule that uses the SMTP
service with this resource. To do this you must:
1.) Open the Policy Editor GUI.
2.) Go to Manage > Resources > New > SMTP Resource, click on Edit.
3.) Configure the name, and any comments, and then select the Match tab.
4.) Under Sender put *
5.) Under Recipient type your e-mail domain with a leading and ending
'*' (i.e. *@4bilu.com*), and click OK.
6.) Add a rule to the rulebase, and specify the service as "Add with
resource", and then select SMTP as the Service from the list of
available services, and select the SMTP resource just created from the
second "Resource:" drop down list.
7.) Install policy

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Matt
Arntsen
Sent: Tuesday, May 25, 2004 2:43 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] exchange 2003 best practices
In an attempt to limit email relaying, I was wondering how others have
set up their email routing with an exchange 2003 email server in
conjunction with their NG-AI R55 firewall. What is the best way to set
it up? I currently have a static NAT rule to send all email inbound. Our
email engineers want to prevent relays and are convinced it is the
firewall's responsibility. They also want to limit authorized IP
addresses which can connect to the email server. The problem I see with
this is that you cannot block the Internet from sending you an email.
Perhaps I am wrong but I keep telling them it is the function of the
email server to only allow emails destined to our domain and refuse all
others rather than forcing the firewall to do this. Perhaps I am wrong
and so I am hoping I can get some feedback. Thanks!
Matt
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================