| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
SMTP Security Server as a Spam Guard

Spam is a notoriously difficult thing to filter properly. Many individuals and companies have written various programs to attempt to filter spam. While not specifically designed to handle this task, FireWall-1 does have some features that can be used to help, namely the SMTP Security Server.

In my opinion, I feel that your inbound SMTP server is a better tool to stop spam. Most SMTP servers (with the notable exception of Microsoft Exchange 5.0 and earlier) have the capability to turn off unauthorized relaying and/or implement some checks to prevent unauthorized use. You can even subscribe to a service that maintains a blacklist of known bad sites.

To use the SMTP Security Server:

- Make sure that the SMTP Security Server is enabled in $FWDIR/conf/fwauthd.conf
- Create your SMTP Resource
- Add the SMTP Resource rule to your rulebase
- Make sure your firewall has adequate disk space to store incoming mail, as it will "store and forward" the email.

Enable SMTP Security Server in $FWDIR/conf/fwauthd.conf

Make sure the following line exists and is uncommented in $FWDIR/conf/fwauthd.conf on your firewall:

    25 fwssd in.asmtpd wait 0

If not, add or uncomment this line and restart FireWall-1 (fwstop; fwstart).

Create SMTP Resources

Your Resource should have the following fields defined:

- Mail Server (under the General tab). This is optional. Put the IP address of your inbound server here. If you have more than one SMTP Server, enter them in the format {ip-address-1,ip-address-2,...}
- Notify Sender on Error (under the General tab). Check this if you want to notify the sender that their message has been rejected, or in case of some other problem.
- Recipient (under the Match tab). This should read *@yourdomain.com. If you have multiple domains, it should read *@{yourdomain.com,yourotherdomain.com,...}
- Sender (under the Match tab). This should be configured with a * to match all incoming mail.
- Don't Accept Mail Larger Than (under the Action 2 tab). This should be set appropriately. The default is 1000k (or roughly a megabyte).

Add SMTP Resource to Rulebase

Add a rule similar to the following and re-install the security policy:

| Source | Destination | Service | Action |
| --- | --- | --- | --- |
| Any | SMTP-Server | SMTP->Inbound_Filter | Accept |

What Does This Accomplish?

All email destined for your SMTP Server will be intercepted by FireWall-1's SMTP Security Server. FireWall-1 will answer on behalf of your SMTP Server, scan the message to ensure it meets the Inbound_Filter resource, and forward it to the SMTP server(s) specified in the Inbound_Filter resource.

A Possible Bug with this Configuration

Several people mentioned it may be possible to use the SMTP Security Server as a spam relay in the following situation:

- The user specifies an allowed domain in the "To" field
- In the same message, the "Bcc" field contains non-allowed domains

In this case, both the "allowed" and the "unallowed" recipients are sent the message. I cannot verify that this problem exists in 4.1 SP2, so you can either upgrade to that version or also add a rule after the above rule that explicitly denies SMTP using a "wildcard" SMTP resource (sender and recipient are both *).

-- PhoneBoy - 01 Jan 2004

FAQs.Class: ContentSecurityFAQs
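The relay situation described above comes down to whether the recipient match is applied to the message as a whole or to each envelope recipient (a Bcc address reaches the server as just another RCPT TO). The following is an added example, not Check Point code and not part of the original FAQ: it expands the `*@{dom1,dom2}` Recipient syntax from the text and contrasts the two decisions. The function names, the glob-style interpretation of the pattern and the sample addresses are assumptions made for illustration.

```python
# Added illustration; not Check Point code. Pattern syntax follows the
# Recipient field described above: "*@domain" or "*@{dom1,dom2,...}".
from fnmatch import fnmatchcase

def expand_pattern(pattern):
    """Expand one {a,b,...} group into a list of plain wildcard patterns."""
    start, end = pattern.find("{"), pattern.find("}")
    if start == -1 or end < start:
        return [pattern.lower()]
    head, tail = pattern[:start], pattern[end + 1:]
    return [(head + alt.strip() + tail).lower()
            for alt in pattern[start + 1:end].split(",") if alt.strip()]

def recipient_allowed(rcpt, pattern):
    """True if one envelope recipient matches the resource's pattern."""
    addr = rcpt.strip().strip("<>").lower()
    return any(fnmatchcase(addr, p) for p in expand_pattern(pattern))

def message_level_accept(rcpts, pattern):
    """Flawed check: one allowed recipient lets every recipient through."""
    return list(rcpts) if any(recipient_allowed(r, pattern) for r in rcpts) else []

def per_recipient_accept(rcpts, pattern):
    """Relay-safe check: each RCPT TO is accepted or rejected on its own."""
    accepted = [r for r in rcpts if recipient_allowed(r, pattern)]
    rejected = [r for r in rcpts if not recipient_allowed(r, pattern)]
    return accepted, rejected

# Constructed sample: the resource pattern from the text and an envelope with
# one local recipient plus one outside address (how a Bcc appears on the wire).
PATTERN = "*@{yourdomain.com,yourotherdomain.com}"
ENVELOPE = ["<alice@yourdomain.com>", "<someone@elsewhere.example>"]

if __name__ == "__main__":
    print("message-level:", message_level_accept(ENVELOPE, PATTERN))
    print("per-recipient:", per_recipient_accept(ENVELOPE, PATTERN))
```

The explicit deny rule with a wildcard resource suggested in the FAQ plays the role of the `rejected` list here: anything that does not match the inbound resource is refused rather than forwarded.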