- CheckMates
- :
- Products
- :
- Quantum
- :
- Threat Prevention
- :
- Re: Private SMTP Commands
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Private SMTP Commands
Hi
According to sk37299 and Checkpoint Advisory post below:
https://www.checkpoint.com/defense/advisories/public/2010/sbp-2010-06.html#vulnerability
Why are SMTP Private commands deemed "Unsafe?"
-Tony S.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We validate correct use of SMTP commands per the specification.
With private commands, there are no defined standards, and thus no way for us to validate them.
We block them by default as a result, but you can also disable this check as described in the SK: SMTP parser drops SMTP Private commands
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for the Reply, Dameon. I have a follow-up question:
I have this protection turned on. I had an incident where the same sender sent an e-mail to three of our users at once. Two of the three received the message while the third person received the NDR below:
Remote Server returned '< #5.0.0 smtp; 554 Policy violation. Email Session ID: {59E4EB1B-B-A6419AC-C0000003}>'
Why would the firewall allow some messages to get by to our recipients and block the third person?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not sure on that one.
If you can reproduce it, it might be worth a TAC case: Contact Support | Check Point Software
