Re: Private SMTP Commands

Tony_Santana · ‎2017-11-02

Hi

According to sk37299 and Checkpoint Advisory post below:

https://www.checkpoint.com/defense/advisories/public/2010/sbp-2010-06.html#vulnerability

Why are SMTP Private commands deemed "Unsafe?"

-Tony S.

PhoneBoy · ‎2017-11-02

We validate correct use of SMTP commands per the specification.

With private commands, there are no defined standards, and thus no way for us to validate them.

We block them by default as a result, but you can also disable this check as described in the SK: SMTP parser drops SMTP Private commands

Tony_Santana · ‎2017-11-03

Thank you for the Reply, Dameon. I have a follow-up question:

I have this protection turned on. I had an incident where the same sender sent an e-mail to three of our users at once. Two of the three received the message while the third person received the NDR below:

Remote Server returned '< #5.0.0 smtp; 554 Policy violation. Email Session ID: {59E4EB1B-B-A6419AC-C0000003}>'

Why would the firewall allow some messages to get by to our recipients and block the third person?

PhoneBoy · ‎2017-11-03

Not sure on that one.

If you can reproduce it, it might be worth a TAC case: Contact Support | Check Point Software

Are you a member of CheckMates?

Private SMTP Commands