
Configuring an SMTP proxy service
The SMTP proxy limits several potentially harmful aspects of e-mail. The proxy scans the content type and content disposition headers and matches them against a user-definable list of known hostile signatures. E-mail containing suspect attachments is blocked and replaced with messages indicating that this action has been taken.
The list of disallowed signatures can be modified from the Content Types tab in the SMTP Proxy dialog box. You do not have to reboot the Firebox when you make these SMTP configuration changes.
The proxy also automatically disables nonstandard commands such as Debug, and can limit message size and number of recipients. If the message exceeds preset limits, the Firebox refuses the mail.
The Policy Manager uses separate dialog boxes for incoming and outgoing SMTP rules. Because incoming messages pose a greater threat to your network than outgoing ones, the dialog box for incoming SMTP has more controls and configurable properties.
Configuring the incoming SMTP proxy
Use the Incoming SMTP Proxy dialog box to set the incoming parameters of the SMTP proxy. You must already have an SMTP Proxy service icon in the Services Arena. From the Services Arena:
- Double-click the SMTP Proxy icon to open the SMTP Proxy Properties dialog box.
- Click the Properties tab.
- Click Incoming.
- The Incoming SMTP Proxy dialog box appears, displaying the General tab.
- Modify general properties according to your preference.
- For a description of each control, right-click it, and then click What's This?.
- To modify logging properties, click the Logging tab.
Selecting content types
From the SMTP Proxy Properties dialog box:
- Click the Content Types tab.
- Click Add under the Content Types box.
- The Select MIME Type dialog box appears.
- Select a content type. Click OK.
- To create a new MIME type, click New Type. Enter the MIME type and description. Click OK.
- The new type appears at the bottom of the Content Types drop list. Repeat this process for each content type. For a list of MIME content types, see the Reference Guide.
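As an added illustration (not WatchGuard code and not a description of how the Firebox is implemented), this Python sketch shows the kind of check described at the top of this page: each MIME part's Content-Type and Content-Disposition headers are matched against a deny list, and a matching attachment is replaced with a notice. The deny-list entries, notice text and sample message are constructed assumptions.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from fnmatch import fnmatch

# Constructed deny list (assumption, not a Firebox default).
DENIED_TYPES = ["application/x-msdownload", "application/hta"]
DENIED_NAMES = ["*.exe", "*.vbs", "*.scr"]
NOTICE = "[Attachment {name!r} ({ctype}) was removed by the mail gateway.]\n"

def scrub(raw):
    """Replace denied attachments with a notice; return (message, removed)."""
    msg = message_from_string(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()    # Content-Type header, lower-cased
        name = part.get_filename() or ""   # Content-Disposition filename
        bad_type = any(fnmatch(ctype, p) for p in DENIED_TYPES)
        bad_name = any(fnmatch(name.lower(), p) for p in DENIED_NAMES)
        if bad_type or bad_name:
            removed.append((name, ctype))
            # set_content() clears the old Content-* headers and payload.
            part.set_content(NOTICE.format(name=name, ctype=ctype))
    return msg, removed

def sample():
    """Constructed test message: one body and three attachments."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "files"
    m.set_content("See attached.")
    m.add_attachment(b"MZ", maintype="application", subtype="x-msdownload",
                     filename="Invoice.EXE")
    m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                     filename="report.pdf")
    # Declared as text/plain, so only the file name gives it away.
    m.add_attachment("WScript.Echo 1", filename="notes.vbs")
    return m.as_string()

if __name__ == "__main__":
    cleaned, removed = scrub(sample())
    for name, ctype in removed:
        print("blocked:", name, ctype)
    print(cleaned.as_string())
```

The third attachment is caught only by its file name, which is why the check looks at both headers rather than the declared content type alone.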
Adding address patterns
From the SMTP Proxy Properties dialog box:
- Click the Address Patterns tab.
- Use the Category drop list to select a category.
- Type the address pattern in the text box to the left of the Add button.
- Click Add.
- The address pattern appears at the bottom of the pattern list.
Protecting your mail server against relaying
Hackers and spammers can use an open relay to send mail from your server. To prevent this, disable open relay on your mail server. From the SMTP Proxy Properties dialog box:
- Click the Address Patterns tab.
- Select Allowed To from the Category drop list.
- In the text box to the left of the Add button, enter your own domain.
- With this setting, outside IPs can send mail only to your domain and not relay to other domains.
- Click Add.
Select headers to allow
From the SMTP Proxy Properties dialog box:
- Click the Headers tab.
- To add a new header, type the header name in the text box to the left of the Add button. Click Add.
- The new header appears at the bottom of the header list.
- To remove a header, select the header name in the header list. Click Remove.
- The header is removed from the header list.
Configuring the outgoing SMTP proxy
Use the Outgoing SMTP Proxy dialog box to set the parameters for traffic going from your Trusted and Optional networks to the world. You must already have an SMTP Proxy service icon in the Services Arena. Double-click the icon to open the service's Properties dialog box:
- Click the Properties tab.
- Click Outgoing.
- The Outgoing SMTP Proxy dialog box appears, displaying the General tab.
- To add a new header pattern, type the pattern name in the text box to the left of the Add button. Click Add.
- To remove a header from the pattern list, click the header pattern. Click Remove.
- Set a time-out value in seconds.
- To modify logging properties, click the Logging tab.
Add masquerading options
SMTP masquerading converts an address pattern behind the firewall into an anonymized public address. For example, the internal address pattern might be inside.salesdept.bigcompany.com, which would be anonymized to the public address bigcompany.com.
- Click the Masquerading tab.
- Enter the official domain name.
- This is the name you want visible to the outside world.
- In the Substitute text box, type the address patterns that are behind your firewall that you want replaced by the official domain name.
- All patterns entered here appear as the official domain name outside the Firebox.
- In the Don't Substitute text box, type the address patterns that you want to appear "as is" outside the firewall.
- Enable other masquerading properties according to your security policy preferences.
Copyright © 1998 - 2001 WatchGuard Technologies, Inc. All rights reserved.