Check Point VPN-1/FireWall-1

Check Point acting as Mail Relay


AERAsec Network Services and Security GmbH


 

Platform:  Check Point VPN-1/FireWall-1
Product: Check Point NGX, Next Generation and 4.x
Problem: When configuring an SMTP resource, e.g. for filtering attachments or for using a CVP server for content control, the firewall suddenly becomes an open mail relay.
Workaround/Fix:

Configuring an SMTP resource requires specifying sender and recipient matching. Never put a '*' into both fields at once, as it could turn your firewall into an open mail relay.
So, please configure your SMTP Resource restrictively, e.g.

and do the same with your ruleset. Don't make it as simple as displayed in the disabled rule 1.
This is just an example, but now the rules for SMTP are secure:

 


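The rule above ("never '*' in both fields") can be checked mechanically. The following is an added example, not part of the original advisory and not Check Point's configuration format. It assumes '*' is the only wildcard, and the domains, resource names and function names are constructed for illustration.

```python
"""Audit SMTP resource sender/recipient match pairs for open-relay combinations."""

# Constructed sample data: the domains this firewall is allowed to accept mail for.
LOCAL_DOMAINS = {"example.com", "example.de"}


def bounded_to_local(pattern, local_domains=LOCAL_DOMAINS):
    """True if every address the pattern can match lies in a local domain."""
    domain = pattern.rpartition("@")[2].lower().strip()
    for local in local_domains:
        # Exact domain, or anything ending in ".<local>" (subdomains only).
        if domain == local or domain.endswith("." + local):
            return True
    # "*", "*.com" and "*example.com" (no dot: also matches evilexample.com)
    # can all match foreign domains.
    return False


def classify(sender, recipient):
    """Classify one match pair by the direction of mail it can pass."""
    if bounded_to_local(recipient):
        return "inbound"  # delivery is limited to our own domains
    if bounded_to_local(sender):
        # The envelope sender is supplied by the client, so this pair is only
        # safe if the rule's source is limited to the internal mail servers.
        return "outbound-check-rule-source"
    return "OPEN-RELAY"  # any sender to any recipient


RESOURCES = [  # constructed: (resource name, sender match, recipient match)
    ("smtp_in", "*", "*@example.com"),
    ("smtp_out", "*@example.com", "*"),
    ("smtp_any", "*", "*"),
    ("smtp_sloppy", "*", "*example.com"),
]


def audit(resources=RESOURCES):
    """Return {resource name: verdict} for every match pair."""
    return {name: classify(s, r) for name, s, r in resources}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:12} {verdict}")
```
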
No warranty at all, your feedback is welcome!
© 2002-2011 AERAsec Network Services and Security GmbH, last change 2007-01-02