Checkout
http://the.rfceditor.org/ you can seach on all the rfcs
The Auth command is described in this RFC
ftp://ftp.isi.edu/in-notes/rfc2554.txt
Telnet to port 25 of your box and type EHLO and enter then AUTH and enter
betcha it will return a "500 unknown or implemented command"
If is supports auth you should get a "501 Syntax Error"
MS Exchange supports Auth, Mimesweeper 3.x does not (both support ESMTP...
well portions of it.....)
Have not checked fw1 as it won't allow me and I can't be bothered messing
with the rules to get it to work.
-----Original Message-----
From: Mark Ingles [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 26 July 2000 7:52 AM
To: Jarmoc, Jeff; [EMAIL PROTECTED]
Subject: RE: [FW1] FW1 Support of ESMTP?
Jeff,
I'm pretty sure the smtp security server doesn't support esmtp, since it
*should* advertise it in the banner if it supports esmtp. You would see
something like
220 CheckPoint FireWall-1 secure ESMTP server
instead of
220 CheckPoint FireWall-1 secure SMTP server
To do your selective relaying, you can also use some sort of
pop-before-smtp method. I've only used them with postfix and not sendmail.
Take a look at DRAC http://mail.cc.umanitoba.ca/drac/ or the like. I know
both postfix and sendmail support smtp auth, but you would have to let
users connect directly to the smtp server. (Same with pop-before-smtp)
If you must scan the mail, let them connect to the smtp server in the
dmz/public network and use some sort of authentication. Then forward all
mail from that box through the firewall and smtp security server to an
internal mail server. The internal mail server can then forward it to its
final destination. This scheme makes sense in my head, but it's been a long
day.
Hope this helps,
Mark Ingles
At 02:33 PM 7/25/2000, Jarmoc, Jeff wrote:
>Well, that still won't entirely suit our needs. The problem is that many
of
>our users work from remote locations, and connect to us via the internet.
>They'll send messages through SMTP to third party locations. In order to
>allow them to relay, but eliminate a potential abuse by spammers we need to
>either limit it by IP (very unfeasible due to dialup connections and
>changing IPs for over 100 users) or require authentication for users who
>need to relay.
>
>-----Original Message-----
>From: Scott Schindler [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, July 25, 2000 1:26 PM
>To: [EMAIL PROTECTED]
>Subject: Re: [FW1] FW1 Support of ESMTP?
>
>
>
>Instead of answering your question as is, I recommend using a different
>solution altogether. Build a DMZ and run a Sendmail server with trend
Micro
>or some anti virus server. Make this device responsible for killing relays
>and virus checking and don't worry about Esmtp.
>
>----- Original Message -----
>From: "Jarmoc, Jeff" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Tuesday, July 25, 2000 9:54 AM
>Subject: [FW1] FW1 Support of ESMTP?
>
>
> >
> > Hi all, hope someone can help. I've looked through as much checkpoint
> > material as I can find, and I can't determine if the FW1 SMTP Security
> > server understands ESMTP. I'm particularly interested in the AUTH
> > command
> > as I'm using it to prevent mail relaying. Does anyone know anything
> > about
> > this?
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
***************************************************
This e-mail is not an official statement of the
Waikato Regional Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
