Re: (PM) smtp filters on pm2e's

Doug Ingraham (dpi@rapidnet.com)
Wed, 27 May 1998 18:09:40 -0600 (MDT)

On Wed, 27 May 1998, Todd M. Jagger wrote:

> 1) The Configuration guide deals more with permit filters than deny
> filters. Does this mean that once you implement any filters on a pm you
> have to specifically permit packets or they'll be denied? Or can you just
> implement a set of deny filters and everything else will pass through?
>
> 2) Say I wanted to deny smtp packets from a known spam domain's class c
> and I've added a filter as "spam.in". Would this be the proper syntax to
> do so?
>
> set filter spam.in 1 deny 209.136.153.0/0 0.0.0.0/0 tcp dst eq 25 log
>
> If not, where did I mess up? :)

The Livingston filters work almost exactly like the Cisco extended access
lists. The difference is minor syntax. The list is scanned from top to
bottom with an implicit deny at the end. I got the impression you were
familiar with Cisco.

The example you give needs

set filter spam.in 2 permit

Or it will deny everything.

> 3) What is the impact on the pm's performance by putting these filters in
> place, assuming that the list of filters is not huge but maybe 25 or so
> entries? Is using a Choicenet server a better option than having the
> filters on the pm itself?

I stopped using ChoiceNet because it logs bogus error messages and
Livingston acted like it was something I was doing wrong. On active
servers it seems to like to download a filter even if it is already loaded
into a server. And sometimes it reports that the filter is damaged when
it does this. Anyway, on a busy system it generates a lot of error
messages and they make me nervous. So I recommend you not use ChoiceNet
unless you have to. In my case I am not using the list feature, so I just
wrote a script that loads a set of filters into all our boxes. That way I
can manage a lot of boxes from one place, which is the reason I would have
used ChoiceNet anyway.

Doug Ingraham The best defense against logic is ignorance.
Rapid City, SD
USA
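
Added example (not part of the original message, and not Livingston or Cisco code): a small Python model of the first-match, implicit-deny evaluation the reply describes, run against a deny-only list and the same list with a trailing permit. The rule fields, the /24 used for the class C from the question, and the sample packets are assumptions constructed for this illustration.

```python
import ipaddress

# Result returned when no rule matches: the implicit deny at the end of the list.
IMPLICIT = ("deny", "implicit deny (end of list)")

def rule(action, src="0.0.0.0/0", dst="0.0.0.0/0", proto=None, dport=None):
    """Build one rule; None for proto/dport means 'any' (hypothetical model)."""
    return {"action": action, "src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_network(dst), "proto": proto, "dport": dport}

def matches(r, pkt):
    return (ipaddress.ip_address(pkt["src"]) in r["src"]
            and ipaddress.ip_address(pkt["dst"]) in r["dst"]
            and r["proto"] in (None, pkt["proto"])
            and r["dport"] in (None, pkt["dport"]))

def evaluate(rules, pkt):
    """Scan top to bottom; the first matching rule decides the packet."""
    for n, r in enumerate(rules, start=1):
        if matches(r, pkt):
            return r["action"], f"rule {n}"
    return IMPLICIT

def denies_everything(rules):
    """Lint check: with no permit rule, every packet ends in a deny."""
    return not any(r["action"] == "permit" for r in rules)

# Constructed rule sets: rule 1 alone, then rule 1 plus the trailing permit.
DENY_ONLY = [rule("deny", src="209.136.153.0/24", proto="tcp", dport=25)]
WITH_PERMIT = DENY_ONLY + [rule("permit")]

# Constructed sample packets (documentation addresses except the blocked net).
PACKETS = {
    "spam_smtp": {"src": "209.136.153.10", "dst": "192.0.2.25",
                  "proto": "tcp", "dport": 25},
    "other_smtp": {"src": "198.51.100.7", "dst": "192.0.2.25",
                   "proto": "tcp", "dport": 25},
    "web": {"src": "198.51.100.7", "dst": "192.0.2.80",
            "proto": "tcp", "dport": 80},
}

def audit(rules):
    """Verdict and deciding rule for each sample packet."""
    return {name: evaluate(rules, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, rs in (("deny only", DENY_ONLY), ("deny + permit", WITH_PERMIT)):
        print(label, "| denies everything:", denies_everything(rs))
        for name, verdict in audit(rs).items():
            print("  ", name, verdict)
```
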
