Tony_Santana
Explorer

Private SMTP Commands

Hi

According to sk37299 and the Check Point advisory post below:

 

https://www.checkpoint.com/defense/advisories/public/2010/sbp-2010-06.html#vulnerability

 

Why are SMTP Private commands deemed "Unsafe"?

 

-Tony S. 

0 Kudos
3 Replies
PhoneBoy
Admin

We validate correct use of SMTP commands per the specification.

With private commands, there are no defined standards, and thus no way for us to validate them.

We block them by default as a result, but you can also disable this check as described in the SK: SMTP parser drops SMTP Private commands 

0 Kudos
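
As an added example (not part of the original posts and not Check Point's implementation), the sketch below shows why an inspection engine can check specified verbs against a standard but can only allow or drop private ones. The verb allow-list, the function names and the sample session are assumptions constructed for illustration.

```python
# Added illustration; not Check Point's SMTP parser.
# Core RFC 5321 verbs only. Extension verbs (e.g. STARTTLS, AUTH) need their
# own state handling and are left out of this sketch.
STANDARD_VERBS = {
    "HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET",
    "VRFY", "EXPN", "HELP", "NOOP", "QUIT",
}

def classify(line):
    """Return (verb, category) for one client command line."""
    parts = line.strip().split(None, 1)
    verb = parts[0].upper() if parts else ""
    if verb in STANDARD_VERBS:
        return verb, "standard"
    # RFC 5321 section 4.1.5: verbs starting with "X" are private, used by
    # bilateral agreement, so there is no published syntax to check against.
    if verb.startswith("X"):
        return verb, "private"
    return verb, "unknown"

def inspect_session(client_lines, allow_private=False):
    """Return (line_no, verb, action) for each command the client sent."""
    results, in_data = [], False
    for no, line in enumerate(client_lines, 1):
        if in_data:
            # Message content is not a command; a lone "." ends DATA.
            in_data = line.rstrip("\r\n") != "."
            continue
        verb, category = classify(line)
        ok = category == "standard" or (category == "private" and allow_private)
        results.append((no, verb, "accept" if ok else "drop"))
        # Simplification: assume the server answered DATA with 354.
        in_data = ok and verb == "DATA"
    return results

# Constructed sample: client side of one session.
SAMPLE = [
    "EHLO mail.example.org",
    "XCLIENT NAME=relay.example.org ADDR=192.0.2.10",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.net>",
    "DATA",
    "Subject: test",
    "",
    "XCLIENT at the start of a body line is message text",
    ".",
    "QUIT",
]
```

Calling `inspect_session(SAMPLE)` drops only the `XCLIENT` command on line 2; passing `allow_private=True` models the check being disabled.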
Tony_Santana
Explorer

Thank you for the Reply, Dameon. I have a follow-up question:

I have this protection turned on. I had an incident where the same sender sent an e-mail to three of our users at once. Two of the three received the message while the third person received the NDR below:

Remote Server returned '< #5.0.0 smtp; 554 Policy violation. Email Session ID: {59E4EB1B-B-A6419AC-C0000003}>'

Why would the firewall allow some messages to get by to our recipients and block the third person?

0 Kudos
PhoneBoy
Admin

Not sure on that one.

If you can reproduce it, it might be worth a TAC case: Contact Support | Check Point Software 

0 Kudos
