The SMTP Security Server from Firewall 1 V3.0 can parse any of the SMTP
message header fields.
In addition, you can do wildcard matches and rewriting actions (eg,
change user @
com to user @
There is also a hook into a Cheyenne Innoculan add-in supplied with
V3.0, although it doesn't scan attachments.
Documentation isn't great, but it's not too difficult to set up.
I take your point about the NT SMTP PO, although maybe putting it in a
DMZ and controlling access to it is better than just letting SMTP
through to the secure side for Checkpoint 2.1 users.
Putting an Exchange Server in the DMZ would be better, but expensive and
a pain if you want it to be part of your internal Exchange Site.
The idea of letting the appropriate NETBt calls for Exchange through the
firewall doesn't thrill me, although there is a paper on it on the
Checkpoint Web site. ( http://www.checkpoint.com )
E-Mail: edkinsr @
>From: Craig Brozefsky [SMTP:craig @
>Sent: Monday, June 09, 1997 6:04 PM
>To: Edkins, Rob - Axon AKL
>Cc: 'martin @
sg'; 'Francisco Lopez (Infovia)';
>Subject: RE: CheckPoint Firewall-1 V. 2.1
>On Mon, 9 Jun 1997, Edkins, Rob - Axon AKL wrote:
>> Upgrade to version 3.0 of Firewall 1 and use the SMTP Security Server
>> This acts as an SMTP Relay, accepting the mail, then queuing it on.
>Does it perform an address parsing etc...?
>> Big advantage of the security server is that nobody from outside touches
>> your Exchange box directly.
>> Yet another way would be to install the SMTP postoffice from the NT4
>> Server Resource kit onto your v2.1 firewall and configure this as a
>I think that would be a really bad idea. Do not put code not specifically
>designed to operate ina secure environment on a firewall. NT4 postoffice
>is not my idea of 'secure' smtp service and I certainly would not want it
>running on a firewall.
>Craig Brozefsky craig @
>onShore Inc. http://www.onshore.com/~craig
>Development Team p_priority=PFUN+(p_work/4)+(2*p_cash)