I see ident resolved as the Mail protocol in my Ident reject rule.
HTH
"Jarmoc, Jeff" <[EMAIL PROTECTED]> on 30/08/2000 15:49:09
To: "'Kathy Chapman'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
[EMAIL PROTECTED]
cc: (bcc: Mike Anning/WEY/EU/CHEP)
Subject: RE: [FW1] "Mail" service in FW logs - change
Could 'Mail' be an alias for a different Mail protocol? Pop, Imap,
something along those lines?
-----Original Message-----
From: Kathy Chapman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 30, 2000 9:25 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [FW1] "Mail" service in FW logs - change
Robert,
Thanks for the help. Yes, I am relatively new. Our administrator took
another job recently, and although I had been the backup and did take the
Checkpoint classes, I've been on my own for two months. I've been examing
the logs and rulebase for holes and anomolies and trying to close/resolve
them.
I did look at /etc/services. The strange thing is the logviewer is showing
both SMTP and MAIL in the services column. SMTP is accepted while MAIL is
being dropped. If MAIL is an alias for SMTP, I would think it would be
accepted.
Kathy
>>> "Robert MacDonald" <[EMAIL PROTECTED]> 08/30/00 10:11AM >>>
Kathy,
Generally it's an alias for SMTP.
Look through the firewall services(most likely you
did this), the /etc/services or $systemroot/system32/drivers/etc.
Sounds like someone may have added this. Are you
new to this system or administrating your fw? If so,
you will want to verify _everything_ about that system(s),
to make sure you understand why it designed & configured
the way it is. Obviously (and _carefully_) disabling anything
that you cannot verify is needed.
If not, my apologies for making such a blunderous
ASSumption. :)
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Kathy Chapman" <[EMAIL PROTECTED]> 8/30/00 9:52:20 AM >>>
>
>Checkpoint 4.0 on Solaris
>
>The log is showing dropped tcp traffic for service "mail" to my SMTP
server. I have a service SMTP
>which is defined as TCP port 25 (which works fine). I have been unable to
find out which port is
>associated with this "mail" service - it's not defined in my rulebase.
>
>The rule that's dropping it is NOT: any, any, annoying-services, drop.
>The cleanup rule is dropping it: any, any, any, drop.
>
>Any help is greatly appreciated.
>
>Kathy Chapman
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
