[FW1] Anti-Spam/Relay w/ SMTP Security Server

Thu, 22 Feb 2001 07:51:45 -0800 


Hi All,

Several folks have asked for me to post this. Here's
how you can limit spam/relaying with FW-1's SMTP
security server.

Note: If you search this list, or look at resources
such as www.phoneboy.com -- you can probably find this
information as well. I did find info in the FW v3.0b
books.


Anti-Spam/Relay Rules Using FW-1's SMTP Security
Server

In my implementation, I use two rules: A and B. Both
are discussed below:

A. DropSpam
PURPOSE: Reject any email using the "!" or "%" syntax
to relay mail off your mailserver(s)

1- Create an STMP Resource (call it DropSpam)
2- Within the Match tab, put the following:
  Sender: *
  Recipient: *{!,%}*@*

Put this SMTP Resource in a rule BEFORE your SMTP
accept rule for email to reject any attempts to relay
off your SMTP box(es). This rule should look something
like:

Any == mailserver(s) == smtp-->DropSpam == REJECT


B. GoodEmail
PURPOSE: Accept only that email for which you MX/relay
for.

1- Create an SMTP Resource (call it GoodEmail)
2- Within the Match tab, put the following:
  Sender: *@*
  Recipient: *@{domain1,domain2,domain3}.com

If you're like me, and you have com and org top-level
domains, you can use this syntax:
*@{domain1,domain2,domain3}.{com,org}

For example:
*@{cnn,aol,up200}.{com,org}

You could make individual rules for each domain for
more security -- but the interest here is simplicity
and efficiency.

3- Fill in Action2 tab with CVP/AV information -- if
you use such a solution

Use this SMTP Resource in a rule to accept email. This
rule should look something like:

Any == mailserver(s) == smtp-->GoodEmail == ACCEPT

Therefore, your final rulebase should include the
following rules to filter SMTP traffic:

Any == mailserver(s) == smtp-->DropSpam == REJECT
Any == mailserver(s) == smtp-->GoodEmail == ACCEPT


Hope this helps someone.

-- Chris

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices! http://auctions.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to