Re: [fw-wiz] Cisco PIX Version 6.3(3) SMTP Problem

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 07/06/05

    To: "David M. Nicksic" <dnicksic@mossbaygroup.com>
    Date: Wed, 6 Jul 2005 08:51:15 -0400 (EDT)
    
    

    On Tue, 5 Jul 2005, David M. Nicksic wrote:

    > I am using a PIX 520 v 6.3.3 and having a spam problem. A spam service
    > Postini is employed. I want to deny all SMTP traffic unless it comes from
    > one of the Postini servers. Can the PIX be configured to accomplish this?
    >

    Almost any firewall can; however, you'll be out of e-mail if the provider
    has to put up a new server because of an attack, failure, problem or
    address change. It's probably better to configure your mail server to
    reject based on forward/reverse lookups; since you're dealing with one
    zone, you'll be able to cache the lookups pretty well.

    Note that Postini rejects mail if your server isn't reachable by it, so
    it's not all that resilient if you're under attack or having server
    issues[1]. Personally, I'd rather run MailScanner on a Postfix instance
    than outsource something as critical as e-mail.

    Paul
    [1] Theoretically most things will retry, but you may want to test
    critical pager/cell/alert stuff to make sure it won't just give up if
    you're under conditions where contacting you becomes important.
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
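
The forward/reverse lookup check suggested in the message above, as an added example that is not part of the original post: a connecting client is accepted only if its PTR name falls inside the provider's zone and that name resolves back to the same IP. The zone name, the fixed cache TTL and the sample records are assumptions made for the illustration.

```python
import socket
import time

ZONE = "filter.example.net"  # assumption: placeholder for the provider's zone

def in_zone(host, zone):
    """Label-aligned suffix match, so 'xfilter.example.net' does not pass."""
    host, zone = host.rstrip(".").lower(), zone.rstrip(".").lower()
    return host == zone or host.endswith("." + zone)

def system_ptr(ip):
    """Reverse lookup via the system resolver; empty list on failure."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """Forward lookup via the system resolver; empty set on failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

class ClientVerifier:
    def __init__(self, zone, ptr=system_ptr, addrs=system_addrs, ttl=300):
        self.zone, self.ptr, self.addrs, self.ttl = zone, ptr, addrs, ttl
        self._cache = {}  # ip -> (expires_at, verdict); fixed TTL is an assumption

    def allowed(self, ip):
        hit = self._cache.get(ip)
        if hit and hit[0] > time.monotonic():
            return hit[1]
        # A PTR record is set by whoever controls the address block, so it
        # only counts if the name it gives resolves back to the same IP.
        verdict = any(in_zone(n, self.zone) and ip in self.addrs(n)
                      for n in self.ptr(ip))
        self._cache[ip] = (time.monotonic() + self.ttl, verdict)
        return verdict

# Constructed sample data (RFC 5737 documentation addresses), not real records.
SAMPLE_PTR = {"192.0.2.10": ["mx1.filter.example.net"],
              "198.51.100.7": ["mx9.filter.example.net"],   # forged PTR
              "203.0.113.5": ["xfilter.example.net"]}       # look-alike name
SAMPLE_A = {"mx1.filter.example.net": {"192.0.2.10"},
            "mx9.filter.example.net": {"192.0.2.99"},
            "xfilter.example.net": {"203.0.113.5"}}

def demo():
    v = ClientVerifier(ZONE, lambda ip: SAMPLE_PTR.get(ip, []),
                       lambda n: SAMPLE_A.get(n, set()))
    return {ip: v.allowed(ip) for ip in [*SAMPLE_PTR, "192.0.2.200"]}
```

Because the decision follows DNS rather than a static address list, a server the provider adds inside the same zone is accepted without a rule change.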

