[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] SMTP Security Server Does Not Deliver to Lower Preceden ce MX-s

To: Dameon Welch <dwelch@hotmail.com>, dfrincke@co.broward.fl.us, fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] SMTP Security Server Does Not Deliver to Lower Preceden ce MX-s
From: Rob Shein <Rshein@LANSOLUTIONS.com>
Date: Mon, 19 Apr 1999 13:22:38 -0400

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


Actually, I just met a couple of weeks ago with a vendor that has a product
that will do this.  It's pricey, but it's a fantastic product.  Email me off
the list if you want to know who (Don't want to look like I'm advertising,
because I frankly don't really care about their sales or profits)...

-----Original Message-----
From: Dameon Welch [mailto:dwelch@hotmail.com]
Sent: Friday, April 16, 1999 2:46 PM
To: dfrincke@co.broward.fl.us; fw-1-mailinglist@lists.us.checkpoint.com
Subject: Re: [FW1] SMTP Security Server Does Not Deliver to Lower
Precedence MX-s



You have just named the #1 reason why I don't recommend using the SMTP
Security Server, particularly for scanning outbound mail. 

The way around this would be to use a "Smart" SMTP server. This SMTP
Server can either be inside or outside your firewall, but you have to
make sure that any SMTP traffic from this host does not get processed
by any SMTP resources.

For your resource that scans outbound email, make sure it forwards all
email to your "smart" SMTP server. You can do this by setting the
"Mail Server" part of the resource to your smart SMTP server.

-- PhoneBoy

>We are using SMTP Security Server in F/W-1 30.b, 3072.  We
>have a Sendmail server on the private network.  The problem
>is that when F/W-1's Security Server attempts to deliver mail
>to an outside destination, if that destination's mail-server is
>non-responsive, F/W-1 will NOT attempt to deliver to the next
>lower precedence server (as defined by the MX records in the
>destination's DNS domain).    
>
>This seems to me a rather serious problem, but Checkpoint
>tells my F/W-1 support people (IBM, alas) that they are not
>actively trying to fix it.  
>
>What are you all, who use the SMTP Security Server, doing to
>circumvent this?  I would appreicate hearing from you.  
>
>We are working around the problem with Resources that point
>to the second MX whenever we know a domain's primary MX is
>down.  This, of course, is not a good solution.
>
>We are contemplating putting the Sendmail server outside the
>F/W-1 or in the DMZ.  If you have any suggestions or cautions
>about this move, I would appreciate hearing them.
>
>Thanks.  
>
>
>===========================================================================
=====
>     To unsubscribe from this mailing list, please see the
instructions at
>               http://www.checkpoint.com/services/mailing.html
>===========================================================================
=====


_______________________________________________________________
Get Free Email and Do More On The Web. Visit http://www.msn.com


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] fw-1: secureremote.
Next by Date: [FW1] Service config for "nameserver"
Prev by thread: [FW1] fw-1: secureremote.
Next by thread: [FW1] Service config for "nameserver"
Index(es):
- Date
- Thread