[Firewall] Block SMTP traffic out

Lonnie Abelbeck lists at lonnie.abelbeck.com
Tue Mar 2 04:56:03 CET 2010


Dennis,

You are on the right track, but try:

LAN_INET_HOST_OPEN_TCP="0/0>ip_of_mail_server~25"
LAN_INET_HOST_DENY_TCP="0/0>0/0~25"

When testing, understand that established states are maintained when the firewall is 'restart'-ed, so a reboot might be in order to clear out any previous outbound TCP 25 states.

Lonnie


On Mar 1, 2010, at 8:12 AM, Dennis van der Meer wrote:

> Hi,
>  
> We are currently having a problem that more and more of our email is being blocked since we are on
> a spam list. Since we don’t spam ourselves (and I am certain of it) I think we have a spam bot running in
> our network. Unfortunately the network is too large to scan each and every computer for any spam bots
> so I would like to do something else instead.
> We have Outlook clients that connect to an Exchange server. The Exchange server is the only server that
> will send email out. All email traffic goes through a Linux gateway that runs the Arno iptables firewall script.
> So I was thinking of blocking port 25 and logging attempts for every machine but the mail server.
> I already tried to set this in the firewall script but somehow it is not working as it should.
>  
> I tried setting the following already:
>     LAN_INET_HOST_OPEN_TCP="ip_of_mail_server>0/0~25"
>     LAN_INET_HOST_DENY_TCP="0/0>0/0~25"
>  
> Can anyone tell me what to set in the config to accomplish what I want?
>  
>  
> Dennis
>  
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
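Added example, not from the thread and not part of Arno's script: once outbound TCP 25 from everything except the Exchange server is logged and dropped, the gateway's kernel log identifies the host running the spam bot. The script below summarises iptables LOG lines by source address; the log prefix, interface names and addresses are constructed for the example, and 192.168.1.10 stands in for ip_of_mail_server.

```shell
#!/bin/sh
# Summarise logged TCP/25 attempts per LAN host from iptables LOG output.
# Sample lines are constructed in the standard iptables LOG field format.

MAIL_SERVER="192.168.1.10"   # assumed address of the legitimate mail server

# smtp_deny_talkers LOGFILE MAIL_SERVER
# Prints "count src_ip" for every host whose TCP traffic to port 25 was
# logged, most hits first. The mail server is skipped so that a stray
# log entry for it does not obscure the real offender.
smtp_deny_talkers() {
  awk -v mail="$2" '
    /PROTO=TCP/ && /DPT=25( |$)/ {
      src = ""
      for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) src = substr($i, 5)
      if (src != "" && src != mail) hits[src]++
    }
    END { for (s in hits) print hits[s], s }
  ' "$1" | sort -rn
}

# sample_log FILE: writes constructed log lines. Host .57 hammers port 25,
# .23 makes one attempt plus one to port 2525 (which must not match), and
# the mail server appears once to show it is filtered out.
sample_log() {
  cat >"$1" <<'EOF'
Mar  1 08:10:01 gw kernel: SMTP-OUT-DENY IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=40001 DPT=25 SYN
Mar  1 08:10:02 gw kernel: SMTP-OUT-DENY IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.6 LEN=60 PROTO=TCP SPT=40002 DPT=25 SYN
Mar  1 08:10:02 gw kernel: SMTP-OUT-DENY IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=40003 DPT=25 SYN
Mar  1 08:10:05 gw kernel: SMTP-OUT-DENY IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=51000 DPT=25 SYN
Mar  1 08:10:07 gw kernel: SMTP-OUT-DENY IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.8 LEN=60 PROTO=TCP SPT=42000 DPT=25 SYN
Mar  1 08:10:09 gw kernel: SMTP-OUT-DENY IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 LEN=52 PROTO=TCP SPT=42001 DPT=2525 SYN
EOF
}

LOG=$(mktemp)
sample_log "$LOG"
smtp_deny_talkers "$LOG" "$MAIL_SERVER"
rm -f "$LOG"
```

On a real gateway, point the function at the file syslog writes kernel messages to (commonly /var/log/kern.log or /var/log/messages) and remember Lonnie's caveat: connections that were already established before the rule change are not logged until their states expire or are cleared.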
