Protect Your SMTP Server from Email Relaying

Email relaying, also called mail spamming or an open mail relay, is an intrusion in which an unauthorized person uses your email server, address, and other resources to send large amounts of spam email. This can cause system crashes, equipment damage, and financial loss.

The Firebox can provide basic mail relay protection, but for the strongest security, we recommend that you correctly configure your email server to prevent mail relay.

To configure the Firebox to provide mail relay protection, you can change the settings of the SMTP-proxy policy that filters traffic from the external network to your internal SMTP server to include your domain information. When you type your domain, you can use the wildcard (*) character. Any email address that ends with @your-domain-name is allowed. If your email server accepts email for more than one domain, you can add more domains. For example, if you add both *@example.com and *@*.example.com to the list, your email server will accept all email destined to the top-level example.com domain and all email destined to sub-domains of example.com, such as rnd.example.com.

Before you start this procedure, you must know the names of all domains that your SMTP email server receives email for.

To protect against email relaying, from Fireware Web UI:

  1. Select Firewall > Proxy Actions.
  2. Select the SMTP-proxy action for the SMTP-proxy policy that filters traffic from the external network to an internal SMTP server. Click Edit.
  3. From the Address drop-down list, select Rcpt To.
  4. In the Value text box, type *@[your-domain-name], and set the action to Allow. For example, if the domain is example.com, type *@example.com.
  5. Add other domains as necessary.
  6. From the Action to take if no rule above is matched drop-down list, select Deny.
    Any email destined to an address other than the domains in the list is denied.

To protect against email relaying, from Policy Manager:

  1. Open Policy Manager.
  2. Double-click the SMTP-proxy policy that filters traffic from the external network to an internal SMTP server.
    The Edit Policy Properties dialog box appears with the Policy tab selected.
  3. Adjacent to the Proxy action drop-down list, click the View/Edit Proxy button.
    The SMTP-proxy Action Configuration dialog box appears.
  4. In the Categories tree, select Address > Rcpt To.
  5. In the Pattern text box, type *@[your-domain-name]. For example, if the domain is example.com, type *@example.com.
  6. Click Add.
    Your domain appears in the Rules list.
  7. Add other domains as necessary.
  8. In the Actions to Take section, from the None Matched drop-down list, select Deny.
    Any email destined to an address other than the domains in the list is denied.
  9. Click OK to close the SMTP-proxy Action Configuration dialog box.
  10. Click OK to close the SMTP-proxy policy definition.
  11. Click OK to close the Edit Policy Properties dialog box.
  12. Save the Configuration File.
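
The Rcpt To allow list with a Deny default, as configured in the procedures above, modelled as an added example (not WatchGuard code) that also flags patterns broad enough to accept mail for other domains. It assumes `*` is the only wildcard, that it matches any run of characters, and that matching is case-insensitive over the whole address; the function names and sample recipients are constructed for illustration.

```python
import re

# Constructed rule list mirroring the page's example; not exported from a Firebox.
RCPT_TO_ALLOW = ["*@example.com", "*@*.example.com"]
NONE_MATCHED = "Deny"  # the "no rule above is matched" / "None Matched" action


def pattern_to_regex(pattern):
    """Translate a pattern where '*' is the only wildcard (assumption) into a regex."""
    parts = (re.escape(p) for p in pattern.split("*"))
    return re.compile(".*".join(parts), re.IGNORECASE)


def rcpt_action(recipient, allow=RCPT_TO_ALLOW, default=NONE_MATCHED):
    """Return 'Allow' if any rule matches the whole address, else the default action."""
    for pattern in allow:
        if pattern_to_regex(pattern).fullmatch(recipient):
            return "Allow"
    return default


def audit_patterns(allow, own_domains):
    """Flag patterns that accept mail for a domain outside own_domains.

    Each pattern is tested alone against constructed look-alike recipients;
    a pattern that allows any of them would relay mail for other domains.
    """
    findings = []
    for pattern in allow:
        probes = ["user@other.test"]
        for d in own_domains:
            probes += [f"user@not{d}", f"user@{d}.other.test"]
        for probe in probes:
            if rcpt_action(probe, [pattern]) == "Allow":
                findings.append((pattern, probe))
    return findings


if __name__ == "__main__":
    for rcpt in ["bob@example.com", "amy@rnd.example.com",
                 "x@notexample.com", "victim@other.test"]:
        print(f"{rcpt:24} {rcpt_action(rcpt)}")
    # Over-broad patterns for comparison: no '@' or '.' boundary before the domain.
    print(audit_patterns(["*@example.com", "*@*example.com", "*"], ["example.com"]))
```

With only `*@example.com` in the list, `amy@rnd.example.com` falls through to Deny, which is why the page adds `*@*.example.com` for sub-domains.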

Another way to protect your server is to type a value in the Rewrite As text box in this dialog box. The Firebox then changes the From and To components of your email address to a different value. This feature is also known as SMTP masquerading.
