Thread: [SOLVED] Security best-practices question

  1. #1
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    [SOLVED] Security best-practices question

    Hey people, I'm looking for opinions on the best practice for configuring my firewalls and/or Zimbra so I can get security notices from the firewalls.

    My firewall is capable of sending out both notices of failed logins, intrusions, etc, and also backup files to an email address I specify. This feature uses a SMTP engine (Exim) built right into the firewall to kick the notices out, and they go out through the WAN IP of the box. If I send them to a nearly-unfiltered account I have elsewhere (not on Zimbra) the messages come thru, even with Fetchmail grabbing them down to a Zimbra account. However, if I direct these same messages to an account on my Zimbra box, they are rejected by Postfix:
    Code:
    Feb 26 11:23:35 mail postfix/smtpd[24845]: NOQUEUE: reject: RCPT from unknown[XXX.XXX.XXX.XXX]: 504 <firewall-hostname>: Helo command rejected: need fully-qualified hostname; from=<do-not-reply@fw-notify.net> to=<myaddress> proto=ESMTP helo=<firewall-hostname>
    I know WHY this is happening--I have the various MTA restrictions turned on, including:
    • reject_invalid_hostname
    • reject_non_fqdn_hostname
    • reject_non_fqdn_sender
    • reject_unknown_sender_domain
    And guess what, it's following my instructions to the letter! I don't really want to turn these features off because they stop a lot of trash, but I DO want to get my firewall notices. I can see a couple less-than-desirable options:
    1. Add the WAN IP addresses to my "Allowed senders" relay list. My concern with this is that I don't much like to have a relay open to ANY public IPs.
    2. Register my WAN IPs in a DNS I control. I don't much like putting the gateways to my networks in a phone book... seems kinda like inviting trouble.
    3. There ought to be a way to whitelist the addresses I create, but my first attempts at whitelisting didn't work--it seems Postfix is rejecting the message before SpamAssassin gets a chance to whitelist it.
    Would appreciate any ideas you all might have.

    Cheers,

    Dan

  2. #2
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11


    I believe Exim just uses whatever your hostname is for the HELO. Type the command 'hostname':

    hercules:~ # hostname
    hercules

    So you can see it's using just the hostname minus the domain. Try setting your hostname to your FQDN:

    hercules:~ # hostname hercules.domain.com
    hercules:~ # hostname
    hercules.domain.com

    Then maybe restart Exim and see if it works now.

    It depends on your distribution as to where you need to set this to be permanent.

  3. #3
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10


    Well and good, but these are T1s sold to us by AT&T for internet access. They don't have DNS associated with them, and as nearly as I can tell they don't have a FQDN, or if they do I can't figure out what it is. I tried whois on the ip address and no permutation I'm able to come up with works.

    Any more ideas?

  4. #4
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    I'm an idiot, forget I posted this!

    I'm truly embarrassed by what I discovered is the problem. I've been putting an address formatted like an email (firewallname@something.net) into the FQDN field of my firewall. Not surprisingly, Postfix sees that as an invalid domain and rejects the email. It had nothing to do with a reverse lookup, and everything to do with me overlooking the blindingly obvious.

    Putting in a FQDN of my own invention that just looks right was good enough.
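The rejection in post #1 and the explanation in post #4 both come down to how Postfix walks its restriction list: rules are evaluated left to right and the first one that returns OK or REJECT ends the evaluation, so a short hostname or an email-shaped "FQDN" hits reject_non_fqdn_hostname before anything else gets a say, and a whitelist entry only helps if it sits before the reject_* rules. The following model is an added example, not code from the forum post, Postfix or Zimbra; the order of the two reject_* rules, the firewall address 203.0.113.10 and the contents of the client access map are assumptions, while the log line is the one quoted in the thread.

```python
"""First-match model of Postfix HELO restrictions, for the rejection in this thread.

Added example; not code from the forum post, Postfix or Zimbra. Assumed:
the order of the two reject_* rules, the firewall's WAN address
203.0.113.10, and the contents of the access map. The log line is the
one quoted in the thread.
"""
import re
from typing import Dict, List, Optional, Tuple

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")

# The smtpd NOQUEUE line from the thread (placeholder IP kept as posted).
SAMPLE_LOG = (
    "Feb 26 11:23:35 mail postfix/smtpd[24845]: NOQUEUE: reject: RCPT from "
    "unknown[XXX.XXX.XXX.XXX]: 504 <firewall-hostname>: Helo command rejected: "
    "need fully-qualified hostname; from=<do-not-reply@fw-notify.net> "
    "to=<myaddress> proto=ESMTP helo=<firewall-hostname>"
)
LOG_RE = re.compile(
    r"RCPT from (?P<rdns>[^\[]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*helo=<(?P<helo>[^>]*)>"
)

# Assumed values for the demonstration.
FIREWALL_IP = "203.0.113.10"
THREAD_ORDER = ["reject_non_fqdn_hostname", "reject_invalid_hostname"]
WHITELIST_FIRST = ["check_client_access"] + THREAD_ORDER
WHITELIST_LAST = THREAD_ORDER + ["check_client_access"]
CLIENT_ACCESS = {FIREWALL_IP: "OK"}  # what a check_client_access map would hold


def parse_reject_line(line: str) -> Optional[Dict[str, str]]:
    """Extract reverse name, client IP, SMTP code and HELO from a reject line."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None


def valid_hostname(helo: str) -> bool:
    """Syntax test behind reject_invalid_hostname (simplified from Postfix)."""
    if not helo or len(helo) > 253 or helo.endswith("."):
        return False
    return all(LABEL.match(label) for label in helo.split("."))


def fqdn_hostname(helo: str) -> bool:
    """Test behind reject_non_fqdn_hostname: valid syntax and at least one dot.
    An address literal such as [192.0.2.1] is accepted, as Postfix does."""
    if helo.startswith("[") and helo.endswith("]"):
        return True
    return valid_hostname(helo) and "." in helo


def evaluate(restrictions: List[str], helo: str, client_ip: str,
             client_access: Optional[Dict[str, str]] = None) -> Tuple[str, str]:
    """Walk the restriction list left to right; the first OK or REJECT wins.
    Falling off the end is the implicit permit Postfix applies."""
    client_access = client_access or {}
    for name in restrictions:
        if name == "check_client_access":
            action = client_access.get(client_ip)
            if action:
                return action, f"check_client_access {client_ip}"
        elif name == "reject_invalid_hostname":
            if not valid_hostname(helo):
                return "REJECT", f"501 <{helo}>: Helo command rejected: Invalid name"
        elif name == "reject_non_fqdn_hostname":
            if not fqdn_hostname(helo):
                return "REJECT", f"504 <{helo}>: Helo command rejected: need fully-qualified hostname"
        else:
            raise ValueError(f"unsupported restriction: {name}")
    return "OK", "end of list (implicit permit)"


def demo() -> Dict[str, Tuple[str, str]]:
    """Replay the thread: the logged HELO, the '@' value from post #4, and the fix."""
    logged = parse_reject_line(SAMPLE_LOG)
    return {
        "as logged": evaluate(THREAD_ORDER, logged["helo"], FIREWALL_IP),
        "email-shaped FQDN": evaluate(THREAD_ORDER, "firewallname@something.net", FIREWALL_IP),
        "whitelist first": evaluate(WHITELIST_FIRST, logged["helo"], FIREWALL_IP, CLIENT_ACCESS),
        "whitelist last": evaluate(WHITELIST_LAST, logged["helo"], FIREWALL_IP, CLIENT_ACCESS),
        "real FQDN": evaluate(THREAD_ORDER, "fw1.example.com", FIREWALL_IP),
    }


if __name__ == "__main__":
    for label, (action, detail) in demo().items():
        print(f"{label:18} {action:6} {detail}")
```

Two points the model makes visible. First, keying the exemption on the client IP (check_client_access) rather than on the HELO string is the safer choice, because anyone can send the HELO string but only the firewall sends from its WAN address. Second, which restriction list the OK lands in matters: in smtpd_helo_restrictions an OK only skips the HELO checks, but in smtpd_recipient_restrictions (where Zimbra applies its MTA restrictions) an OK also permits relaying for that client, which is exactly the concern raised about option 1 in post #1. Fixing the HELO itself, as post #4 ends up doing, avoids the question entirely.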
