Re: [fw-wiz] Allowing relay through Watchguard Firebox 1000

From: Patrick M. Hausen (hausen_at_punkt.de)
Date: 02/23/04

  • Next message: Marcus J. Ranum: "RE: [fw-wiz] Allowing relay through Watchguard Firebox 1000"
    To: Bob Alberti <alberti@sanction.net>
    Date: Mon, 23 Feb 2004 09:35:10 +0100 (CET)
    
    

    Hello!

    > That's actually fine -- normally they don't WANT relaying of course -- but I
    > have been unsuccessful in my attempts to tell the firebox "It's okay to
    > relay from this domain or this set of IP addresses."

    Of course Fred Avolio's last statement on the subject really
    gets to the heart of the matter: first define your policy, then
    check if the desired application is in compliance with it.

    But there should be a quick technical solution, if I understand
    your setup correctly - you already run an internal mail server
    that is protected by the firewall, right?

    Why not have the cellphone users use the mail server as a smarthost
    if they are "internal" to your network? If they are "external", i.e.
    connected to an arbitrary ISP, they should use that ISP's mail
    server for relaying anyway.

    HTH,

    Patrick M. Hausen
    Leiter Netzwerke und Sicherheit

    -- 
    punkt.de GmbH         Internet - Dienstleistungen - Beratung
    Vorholzstr. 25        Tel. 0721 9109 -0 Fax: -100
    76137 Karlsruhe       http://punkt.de
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Marcus J. Ranum: "RE: [fw-wiz] Allowing relay through Watchguard Firebox 1000"