I saw something like this at the last company I recently worked for, where
we managed perimeter devices for companies.  I found a few systems
set up so that the recipients' addresses were not rewritten properly; they
all appeared as *@domain.com.  We found it much better to let the sendmail
servers deal with rewrite rules and which domains they would forward for,
rather than trying to have the fw-1 box attempt such.  This can be tested
easily by having someone inside send an e-mail to someone outside.  Then
have the receiver outside try to reply; if you are seeing the same, the
replied-to address will appear as *@domain.com.

Thanks,

Ron DuFresne


On Wed, 15 Nov 2000, Brooks Carlson wrote:

> Thanks to everyone for their help with email spoofing, this 
> is a very helpful mailing list.  I set up the Checkpoint SMTP Security
> Server as listed on www.phoneboy.com/fw1, but have a new problem with
> this configuration.
> 
> I set the IP Address of the email server, under the Match tab set sender
> as * and recipient as *@mydomain.com.  Everything was working fine
> until I realized that our remote users were getting undeliverable email
> daemons.  What I guess is happening is that our remote clients are 
> connecting to our email server, but the roles are reversed.  They become
> the sender, which matches the * in the rule, but the recipient now does
> not match the rule of *@mydomain.com.  
> 
> Any way around this?
> 
> -----Original Message-----
> From: Manoj Rathod [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 13, 2000 10:57 PM
> To: Brooks Carlson
> Subject: Re: Email Spoofing
> 
> 
> You shall have to configure Checkpoint SMTP Security Server. To use this,
> make sure:
> 1. SMTP Server is enabled in $FWDIR/conf/fwauthd.conf.
> 2. Create your inbound SMTP Resource
> 3. Add the resource to your rulebase.
> 
> Optionally, you can refer to http://www.phoneboy.com/fw1/faq/0286.html.
> 
> Thanks
> 
> Manoj
> 
> ----- Original Message -----
> From: "Brooks Carlson" <[EMAIL PROTECTED]>
> To: "'Firewalls (E-mail)" <[EMAIL PROTECTED]>
> Sent: Monday, November 13, 2000 9:07 PM
> Subject: Email Spoofing
> 
> 
> > I have a question about email spoofing.  I am using Checkpoint Firewall-1
> > 4.0 Build 4031.
> > I have a rule to accept mail on port 25 (SMTP) to our external mail server
> > address, which
> > is then translated to an illegal internal address.
> >
> > any email_external SMTP accept long gateway
> >
> >
> > Is there any way to set up the firewall to accept and send only incoming
> > mail from those employees
> > that have legitimate email addresses with the company?  I don't want our
> > email server being
> > used as spam servers.
> >
> > Sorry for the newbie question...
> >
> >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
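
A small model of the wildcard match discussed in this thread, added here as an example (it is not code from any poster or from Check Point). It evaluates the resource Brooks describes (sender `*`, recipient `*@mydomain.com`) against constructed envelopes; the second resource, the function names and every address are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Resource as described in the thread: sender "*", recipient "*@mydomain.com".
INBOUND_RESOURCE = {"sender": "*", "recipient": "*@mydomain.com"}
# Hypothetical second resource one might add for remote users (assumption,
# not something proposed in the thread).
ROAMING_RESOURCE = {"sender": "*@mydomain.com", "recipient": "*"}


def matches(resource, mail_from, rcpt_to):
    """True when both envelope addresses match the resource's patterns."""
    return (fnmatchcase(mail_from.lower(), resource["sender"].lower())
            and fnmatchcase(rcpt_to.lower(), resource["recipient"].lower()))


def evaluate(resources, envelopes):
    """Return {label: bool}: does any resource accept each envelope?"""
    return {label: any(matches(r, mail_from, rcpt_to) for r in resources)
            for label, (mail_from, rcpt_to) in envelopes.items()}


# Constructed sample envelopes as (MAIL FROM, RCPT TO); all addresses made up.
ENVELOPES = {
    "inbound to staff": ("partner@example.org", "alice@mydomain.com"),
    "third-party relay": ("bulk@example.net", "someone@example.org"),
    "remote staff outbound": ("alice@mydomain.com", "partner@example.org"),
    "relay claiming staff sender": ("bob@mydomain.com", "someone@example.org"),
}

if __name__ == "__main__":
    rule_sets = (("inbound resource only", [INBOUND_RESOURCE]),
                 ("inbound + sender-based resource",
                  [INBOUND_RESOURCE, ROAMING_RESOURCE]))
    for name, rules in rule_sets:
        print(name)
        for label, accepted in evaluate(rules, ENVELOPES).items():
            print(f"  {'accept' if accepted else 'reject':6}  {label}")
```

With only the inbound resource, the remote user's outbound message is rejected, which is the bounce described above. Adding a sender-pattern resource accepts it, but it also accepts any envelope that merely claims a `@mydomain.com` sender, so the relay decision is better made on the mail server, as Ron suggests.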
