Re: [fw-wiz] Allowing relay through Watchguard Firebox 1000

From: Patrick M. Hausen (hausen_at_punkt.de)
Date: 02/23/04

  • Next message: Marcus J. Ranum: "RE: [fw-wiz] Allowing relay through Watchguard Firebox 1000"
    To: Bob Alberti <alberti@sanction.net>
    Date: Mon, 23 Feb 2004 09:35:10 +0100 (CET)
    
    

    Hello!

    > That's actually fine -- normally they don't WANT relaying of course -- but I
    > have been unsuccessful in my attempts to tell the firebox "It's okay to
    > relay from this domain or this set of IP addresses."

    Of course Fred Avolio's last statement on the subject really
    gets to the heart of the matter: first define your policy, then
    check if the desired application is in compliance with it.

    But there should be a quick technical solution, if I understand
    your setup correctly - you already run an internal mail server
    that is protected by the firewall, right?

    Why not have the cellphone users use the mail server as a smarthost
    if they are "internal" to your network? If they are "external", i.e.
    connected to an arbitrary ISP, they should use that ISP's mail
    server for relaying anyway.

    HTH,

    Patrick M. Hausen
    Leiter Netzwerke und Sicherheit

    -- 
    punkt.de GmbH         Internet - Dienstleistungen - Beratung
    Vorholzstr. 25        Tel. 0721 9109 -0 Fax: -100
    76137 Karlsruhe       http://punkt.de
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Marcus J. Ranum: "RE: [fw-wiz] Allowing relay through Watchguard Firebox 1000"

    Relevant Pages

    • Re: Mail server recommendations
      ... internal mail server. ... That's for a couple of seconds of exim4 run time a day, on a dual-2.8G CPU machine with half a gig of RAM. ... To be honest, the CIDR block checking is a bit of a hobby of mine, and only accounts for about half a dozen spams a day, while the DNS check alone kills about 40% of them and takes a fraction of the time. ...
      (Debian-User)
    • Re: Ouch! My SBS got hacked! Please help me not be a spammer
      ... With any mail server, the first thing to check is not a Windows virus. ... You should be checking your SMTP _relay_ settings. ... I have eTrust Anti Virus Version: 7.0.139 running with the latest signatures on SBS and all the other client computers. ...
      (microsoft.public.windows.server.sbs)
    • Re: DNS / ISA and Exchange issue
      ... This is neither ISA nor DNS. ... The key to this is the error message: ... The mail server is not configured to accept mail for smtp.ourdomain.com. ... to relay for mir@smtp.ourdomain.com (in reply to RCPT TO ...
      (microsoft.public.isa.configuration)
    • Re: Growing SMTP queue to random domains
      ... Spam Marshall. ... > The only knowledge base article I could find describes this problem ... > only if the mail server is open for relay or is on a black list of some ... The servers that are experiencing this issue are not open for relay ...
      (microsoft.public.exchange.admin)
    • Re: MX & A Records for Dual Domain Smtp Host
      ... Relay is for outgoing mail and doesn't require an MX record. ... outgoing email to another mail server. ... Here is a good article I found that discusses where to look in your config ...
      (microsoft.public.windows.server.dns)