Re: [FW1] "Mail" service in FW logs - change

Wed, 30 Aug 2000 07:26:58 -0700 


Robert,
Thanks for the help.  Yes, I am relatively new.  Our administrator took another job 
recently, and although I had been the backup and did take the Checkpoint classes, I've 
been on my own for two months.  I've been examing the logs and rulebase for holes and 
anomolies and trying to close/resolve them.

I did look at /etc/services.  The strange thing is the logviewer is showing both SMTP 
and MAIL in the services column.  SMTP is accepted while MAIL is being dropped.  If 
MAIL is an alias for SMTP, I would think it would be accepted.  

Kathy

>>> "Robert MacDonald" <[EMAIL PROTECTED]> 08/30/00 10:11AM >>>
Kathy,

Generally it's an alias for SMTP.

Look through the firewall services(most likely you
did this), the /etc/services or $systemroot/system32/drivers/etc.

Sounds like someone may have added this. Are you
new to this system or administrating your fw? If so,
you will want to verify _everything_ about that system(s),
to make sure you understand why it designed & configured
the way it is. Obviously (and _carefully_) disabling anything
that you cannot verify is needed.

If not, my apologies for making such a blunderous
ASSumption. :)

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED] 

>>> "Kathy Chapman" <[EMAIL PROTECTED]> 8/30/00 9:52:20 AM >>>
>
>Checkpoint 4.0 on Solaris
>
>The log is showing dropped tcp traffic for service "mail" to my SMTP server.  I have 
>a service SMTP 
>which is defined as TCP port 25 (which works fine).   I have been unable to find out 
>which port is 
>associated with this "mail" service - it's not defined in my rulebase.  
>
>The rule that's dropping it is NOT: any, any, annoying-services, drop.  
>The cleanup rule is dropping it:  any, any, any, drop.
>
>Any help is greatly appreciated.
>
>Kathy Chapman





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to