RE: [fw-wiz] Cisco PIX Version 6.3(3) SMTP Problem
From: Hammerle, Tye (Tye.F.Hammerle_at_snapon.com)
Date: 07/06/05
- Previous message: Devdas Bhagat: "Re: [fw-wiz] Cisco PIX Version 6.3(3) SMTP Problem"
- Maybe in reply to: David M. Nicksic: "[fw-wiz] Cisco PIX Version 6.3(3) SMTP Problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'David M. Nicksic'" <dnicksic@mossbaygroup.com>, "'Paul D. Robertson'" <paul@compuwar.net> Date: Wed, 6 Jul 2005 11:27:37 -0500
Postini can spool mail if your gateway is unreachable. Talk to your support
rep.
tye
-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of David M.
Nicksic
Sent: Wednesday, July 06, 2005 10:06 AM
To: 'Paul D. Robertson'
Cc: firewall-wizards@honor.icsalabs.com
Subject: RE: [fw-wiz] Cisco PIX Version 6.3(3) SMTP Problem
Thank you for your comments about Postini, that is most helpful.
DN
-----Original Message-----
From: Paul D. Robertson [mailto:paul@compuwar.net]
Sent: Wednesday, July 06, 2005 5:51 AM
To: David M. Nicksic
Cc: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Cisco PIX Version 6.3(3) SMTP Problem
On Tue, 5 Jul 2005, David M. Nicksic wrote:
> I am using a PIX 520 v 6.3.3 and having a spam problem. A spam service
> Postini is employed. I want to deny all SMTP traffic unless it comes
> from one of the Postini servers. Can the PIX be configured to
> accomplish this?
>
Almost any firewall can, however you'll be out of e-mail if the provider has
to put up a new server because of an attack, failure, problem or address
change. It's probably better to configure your mail server to reject based
on forward/reverse lookups, since you're dealing with one zone, you'll be
able to cache the lookups pretty well.
Note that Postini rejects mail if your server isn't reachable by it- so it's
not all that resilient if you're under attack or having server issues[1].
Personally, I'd rather run Mailscanner on a Postfix instance than outsource
something as critical as e-mail.
Paul
[1] Theoretically most things will retry, but you may want to test critical
pager/cell/alert stuff to make sure it won't just give up if you're under
conditions where contacting you becomes important.
----------------------------------------------------------------------------
-
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Devdas Bhagat: "Re: [fw-wiz] Cisco PIX Version 6.3(3) SMTP Problem"
- Maybe in reply to: David M. Nicksic: "[fw-wiz] Cisco PIX Version 6.3(3) SMTP Problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
