RE: [fw-wiz] Allowing relay through Watchguard Firebox 1000

From: Karl D. Mueller (karlm_at_acshelp.com)
Date: 02/21/04

    To: "Bob Alberti" <alberti@sanction.net>
    Date: Sat, 21 Feb 2004 15:40:44 -0500
    
    

    We're having a very similar problem. We're using Exchange 5.5 as the
    back-end email server. The odd thing is, we get the error only
    intermittently, and it's sometimes logged on the Exchange server (if it
    were a problem with the Watchguard SMTP proxy, wouldn't it not get this
    far and be logged on the WG rather than the Exch server?)

    We've noticed that it happens almost exclusively with msn and hotmail
    accounts (for what that's worth). And only from outbound SMTP custom
    recipients.

    My suggestion is to remove the SMTP proxy altogether from the
    watchguard, and just set up a port forward (1-to-1 NAT in
    watchguard-speak) directly to your server. See if that makes a
    difference. Unfortunately I can't convince my IT manager to do it, since
    they want the attachment blocking. (I'm trying to get them to install a
    SMTP virus scanner on the email server, rather than using the firewall..
    Oh well.)

    Hope this helps a little.

    -------------------
    Karl Mueller CCNP
    Mobile 703 946 6638
    Office 703 369 9800 x205

    -----Original Message-----
    From: Paul Robertson [mailto:proberts@patriot.net]
    Sent: Saturday, February 21, 2004 2:42 PM
    To: Bob Alberti
    Cc: Firewall-Wizards
    Subject: Re: [fw-wiz] Allowing relay through Watchguard Firebox 1000

    On Sat, 21 Feb 2004, Bob Alberti wrote:

    > They have recently started deploying e-mail enabled cell phones. Cell
    > phone users can reply to messages from other employees, but cannot
    > relay mail from their cell phones outside the domain (i.e. to
    > customers), responding with the rather odd error
    >
    > "553 Requested action not taken: mailbox name not allowed or chunk too
    > large"

    Maybe this is just me misunderstanding...

    >
    > That's actually fine -- normally they don't WANT relaying of course --
    > but I have been unsuccessful in my attempts to tell the firebox "It's
    > okay to relay from this domain or this set of IP addresses." Part of
    > the difficulty is that this is a production system, so my ability to
    > experiment is limited -- my last test, carefully executed after hours,
    > resulted in all inbound mail being cut off for a time.

    They're sending mail from their cell phones, with a return-path of their
    work address, with a forward path of their customers?

    I don't see how their firewall fits in - unless this is one of those
    "Phone is one of those multifunction PDA things sitting in a cradle?"

    If so, I'd relay those off a different internal server and let it make
    the relay choice based on the IP address.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson        "My statements in this message are personal opinions
    proberts@patriot.net      which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
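
The suggestion quoted above, to hand the phones' mail to a separate internal server that makes the relay choice from the client IP address, comes down to a per-recipient check like the one below. This is an added example, not code from the thread or from any product named in it; the local domain, trusted networks and sample sessions are constructed assumptions.

```python
import ipaddress

# Constructed policy values (assumptions, not taken from the thread).
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.16/28")]


def rcpt_domain(rcpt):
    """Return the lower-cased domain of a RCPT TO path, or None if malformed."""
    addr = rcpt.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not sep or not local or not domain or "@" in local:
        return None
    return domain


def relay_decision(client_ip, rcpt):
    """Decide one RCPT TO command; returns (smtp_code, reason)."""
    domain = rcpt_domain(rcpt)
    if domain is None:
        return 553, "mailbox name not allowed"   # syntax error in the address
    if domain in LOCAL_DOMAINS:
        return 250, "local delivery"             # inbound mail from anywhere
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return 550, "relaying denied"            # unknown client: fail closed
    if any(ip in net for net in TRUSTED_NETS):
        return 250, "relay for trusted client"   # outbound mail, known source
    return 550, "relaying denied"


def evaluate(sessions):
    """Apply the policy to (client_ip, rcpt) pairs and return the reply codes."""
    return [relay_decision(ip, rcpt)[0] for ip, rcpt in sessions]


# Constructed sample sessions.
SAMPLE = [
    ("203.0.113.9", "<alice@example.com>"),   # outside client, local recipient
    ("203.0.113.9", "<bob@customer.test>"),   # outside client, outside recipient
    ("10.1.2.3", "<bob@customer.test>"),      # internal client relaying out
    ("192.0.2.20", "<Bob@Customer.Test.>"),   # inside the trusted /28
    ("192.0.2.40", "<bob@customer.test>"),    # just outside the trusted /28
    ("10.1.2.3", "bob"),                      # recipient without a domain
]

if __name__ == "__main__":
    for (ip, rcpt), code in zip(SAMPLE, evaluate(SAMPLE)):
        print(f"{ip:<14} {rcpt:<24} -> {code}")
```

Only clients inside the listed networks may send to non-local domains, so the trusted list should stay as narrow as the devices that actually need it.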

