cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Private SMTP Commands

Hi

According to sk37299 and Checkpoint Advisory post below:

 

https://www.checkpoint.com/defense/advisories/public/2010/sbp-2010-06.html#vulnerability

 

Why are SMTP Private commands deemed "Unsafe?"

 

-Tony S. 

0 Kudos
3 Replies
Admin
Admin

Re: Private SMTP Commands

We validate correct use of SMTP commands per the specification.

With private commands, there are no defined standards, and thus no way for us to validate them.

We block them by default as a result, but you can also disable this check as described in the SK: SMTP parser drops SMTP Private commands 

0 Kudos

Re: Private SMTP Commands

Thank you for the Reply, Dameon. I have a follow-up question:

I have this protection turned on. I had an incident where the same sender sent an e-mail to three of our users at once. Two of the three received the message while the third person received the NDR below:

Remote Server returned '< #5.0.0 smtp; 554 Policy violation. Email Session ID: {59E4EB1B-B-A6419AC-C0000003}>'

Why would the firewall allow some messages to get by to our recipients and block the third person?

0 Kudos
Admin
Admin

Re: Private SMTP Commands

Not sure on that one.

If you can reproduce it, it might be worth a TAC case: Contact Support | Check Point Software 

0 Kudos