[Firewall] Block SMTP traffic out

Dennis van der Meer iptables at greenchem-adblue.com
Mon Mar 1 15:48:05 CET 2010


Hi,

I found a similar question in the mailing list archives and there it is
suggested to use

                LAN_INET_DENY_TCP="25"

I have even used

                DENY_TCP="25"

And I am still able to connect to our mail provider host by telnetting
to it on port 25.

I also added:

                LOG_OUTPUT_TCP="25"

just to log traffic. The only problem with this is that it logs internal
traffic going out from the Linux server directly but not the LAN. I have
a mail gateway on this server which forwards email to an internal
Exchange server and in the logs I see port 25 connects from the Linux
gateway to the Exchange server. When I do a telnet on port 25 to our
email provider from my desktop I don't see this connection in the log.

Is there any way I can log traffic that is going through NAT?

Dennis

From: Dennis van der Meer
Sent: Monday, 1 March 2010 15:13
To: 'Arno's IPTABLES firewall script'
Subject: Block SMTP traffic out

Hi,

We are currently having a problem that more and more of our email is
being blocked since we are on a spam list. Since we don't spam ourselves
(and I am certain of it) I think we have a spam bot running in our
network. Unfortunately the network is too large to scan each and every
computer for any spam bots so I would like to do something else instead.

We have Outlook clients that connect to an Exchange server. The Exchange
server is the only server that will send email out. All email traffic
goes through a Linux gateway that runs the Arno iptables firewall script.

So I was thinking of blocking port 25 and logging attempts for every
machine but the mail server.

I already tried to set this in the firewall script but somehow it is not
working as it should.

I tried setting the following already:

                LAN_INET_HOST_OPEN_TCP="ip_of_mail_server>0/0~25"

                LAN_INET_HOST_DENY_TCP="0/0>0/0~25"

Can anyone tell me what to set in the config to accomplish what I want?

Dennis
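
The plan in the message above (log port 25 attempts from every machine but the mail server) ends in a log that has to be reduced to a list of suspect hosts. The following is an added example, not part of the original post or of Arno's firewall script. It assumes forwarded packets are already being logged in the kernel's standard LOG-target format; the `SMTP-OUT:` prefix, interface names, addresses and the `MAIL_SERVER` value are constructed placeholders.

```python
import re
from collections import Counter

MAIL_SERVER = "192.168.1.10"   # assumption: address of the Exchange server
SMTP_PORT = 25

# Constructed sample lines in the standard netfilter LOG target format.
# IN= and OUT= both set means the packet was forwarded (LAN -> internet);
# an empty IN= means it was generated by the gateway itself (OUTPUT chain).
SAMPLE_LOG = """\
Mar  1 15:40:01 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=25 SYN
Mar  1 15:40:07 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.9 LEN=60 TTL=127 PROTO=TCP SPT=1201 DPT=25 SYN
Mar  1 15:40:08 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.77 LEN=60 TTL=127 PROTO=TCP SPT=1202 DPT=25 SYN
Mar  1 15:40:09 gw kernel: SMTP-OUT: IN= OUT=eth1 SRC=192.168.1.1 DST=192.168.1.10 LEN=60 TTL=64 PROTO=TCP SPT=33010 DPT=25 SYN
Mar  1 15:40:15 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.88 DST=203.0.113.25 LEN=60 TTL=127 PROTO=TCP SPT=4410 DPT=25 SYN
Mar  1 15:40:20 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.9 LEN=60 TTL=127 PROTO=TCP SPT=1203 DPT=443 SYN
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one LOG line as a dict."""
    return dict(FIELD.findall(line))

def smtp_offenders(log_text, mail_server=MAIL_SERVER):
    """Count forwarded port-25 connection attempts per LAN source and the
    distinct destinations each one tried, skipping the mail server."""
    hits, dests = Counter(), {}
    for line in log_text.splitlines():
        f = parse(line)
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(SMTP_PORT):
            continue
        if not f.get("IN") or not f.get("OUT"):
            continue  # locally generated (OUTPUT chain), not forwarded
        if f["SRC"] == mail_server:
            continue  # the only host expected to send mail out
        hits[f["SRC"]] += 1
        dests.setdefault(f["SRC"], set()).add(f["DST"])
    return [(src, n, len(dests[src])) for src, n in hits.most_common()]

if __name__ == "__main__":
    for src, attempts, distinct in smtp_offenders(SAMPLE_LOG):
        print(f"{src}: {attempts} attempts to {distinct} distinct hosts")
```

A host that contacts many distinct destinations on port 25 is the stronger spam-bot candidate; a single attempt to the provider's own host is more likely a misconfigured mail client.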