>Good morning and TGIF!
hmm, yes. :)) >"yes, if you're running the smtp proxy, it does throw away esmtp >commands it doesn't understand" cool, a cretinous proxy. >Ok..don't I wish *I* could just throw away commands I don't understand! You're supposed to open up "appliances". They have their way of working, end of story. >As for me..I'M the one that set up the freaking smtp proxy, I just >wasn't aware it wouldn't play nicely with smtp auth, as I am just now >trying to get this in place. I even tried to DL the manual for the cheapest Rightguard II ( $5000! ) but they don't put the manuals on-line. >We are using the smtp proxy on the firewall to strip away exe, vbs and >other unwanted attachments. So, I guess the next question is, is there >software out there, like the Declude type virus software, which will >scan email and strip away those types of attachments, that will work in >front of the mail server but behind the firewall. Until I find something >like that, I can't disable the smtp proxy on the firewall, which means >smtp auth is never going to work for me As I said earlier in this week's, saga put IMGate in your DMZ. It can be setup to strip all attachments before they get out of DMZ and through the inner firewall. >until Watchguard improves the proxy. it's not a new product or company, I figure their SMTP proxy is about as ready-to-eat as it ever will be. These Linux box vendors try to sell a firewall in one box, nice try, and why not? But when that one box is cracked, the cracker are immediately through to your inside network. the classic double-walled setup: 1. outer firewall (border router doing stateful packet filtering) 2. subnet for DMZ boxes (DNS, SMTP relay, HTTP) 3. inner firewall (more packet filtering, and NAT, noting that NAT is useless for seccurity) >Thanks for everyone's patience (especially Saint Len), as you all can >probably tell, I am fairly new at this and am pretty much learning as I >go:) Building Internet Firewalls (2nd Edition) , zewicky, $34.96. Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
