[Firewall] Block SMTP traffic out

Dennis van der Meer iptables at greenchem-adblue.com
Tue Mar 2 10:31:07 CET 2010


Hi Lonnie,

I tried setting the 2 settings that you gave me but I am still able to
connect to port 25 of our provider's email server from my workstation.
Access to port 25 to any system on the internet should be blocked for the
entire LAN except for 1 system.
Since I use NAT to forward all internal traffic to the outside, can this
be the problem? Because when I log traffic I only see a message in the log
when the Linux server forwards an email to our Exchange server (so on the
server directly).


P.S. I did do a reboot after the changes.


Dennis

-----Original Message-----
From: firewall-bounces at rocky.eld.leidenuniv.nl
[mailto:firewall-bounces at rocky.eld.leidenuniv.nl] On Behalf Of Lonnie Abelbeck
Sent: Tuesday 2 March 2010 4:56
To: Arno's IPTABLES firewall script
Subject: Re: [Firewall] Block SMTP traffic out

Dennis,

You are on the right track, but try:

LAN_INET_HOST_OPEN_TCP="0/0>ip_of_mail_server~25"
LAN_INET_HOST_DENY_TCP="0/0>0/0~25"

When testing, understand that established states are maintained when the
firewall is 'restart'-ed, so a reboot might be in order to clear out any
previous outbound TCP 25 states.

Lonnie


On Mar 1, 2010, at 8:12 AM, Dennis van der Meer wrote:

> Hi,
>
> We are currently having a problem that more and more of our email is
> being blocked since we are on a spam list. Since we don't spam ourselves
> (and I am certain of it) I think we have a spam bot running in our
> network. Unfortunately the network is too large to scan each and every
> computer for any spam bots so I would like to do something else instead.
> We have Outlook clients that connect to an Exchange server. The Exchange
> server is the only server that will send email out. All email traffic
> goes through a Linux gateway that runs the Arno iptables firewall script.
> So I was thinking of blocking port 25 and logging attempts for every
> machine but the mail server. I already tried to set this in the firewall
> script but somehow it is not working as it should.
>
> I tried setting the following already:
>     LAN_INET_HOST_OPEN_TCP="ip_of_mail_server>0/0~25"
>     LAN_INET_HOST_DENY_TCP="0/0>0/0~25"
>
> Can anyone tell me what to set in the config to accomplish what I want?
>
>
> Dennis
>
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl

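The policy discussed in this thread (only the mail server may open TCP 25 to the Internet; every other LAN host is logged and dropped), written as plain iptables rules in a shell script. This is an added example, not code from the thread or from Arno's firewall script; the interface names and the 192.168.1.10 mail-server address are constructed placeholders, and the conntrack flush assumes conntrack-tools is installed.

```shell
#!/bin/sh
# Added example, not from the thread or from Arno's firewall script: plain
# iptables rules for "only the mail server may open TCP 25 to the Internet;
# every other LAN host is logged and dropped". All values are constructed
# placeholders; change them for a real gateway.
MAIL_SERVER="${MAIL_SERVER:-192.168.1.10}"  # the single host allowed to send mail
LAN_IF="${LAN_IF:-eth1}"                    # interface facing the LAN
INET_IF="${INET_IF:-eth0}"                  # interface facing the Internet

# Emit the rules as text so they can be reviewed (and tested) before they
# are run on a live firewall.
smtp_egress_rules() {
    ms="$1"; lan="$2"; inet="$3"
    # Forwarded traffic is filtered in FORWARD before it is SNATed in
    # nat/POSTROUTING, so the original LAN source address is still visible
    # here; NAT on the gateway does not hide which host opened the connection.
    echo "iptables -N SMTP_EGRESS 2>/dev/null || iptables -F SMTP_EGRESS"
    echo "iptables -A SMTP_EGRESS -s $ms -j ACCEPT"
    # Rate-limit the log so a spam bot cannot flood syslog.
    echo "iptables -A SMTP_EGRESS -m limit --limit 6/min -j LOG --log-prefix 'SMTP-EGRESS-BLOCK: '"
    echo "iptables -A SMTP_EGRESS -j DROP"
    # Insert at position 1 so the check runs before any generic
    # "LAN -> Internet ACCEPT" or "ESTABLISHED,RELATED ACCEPT" rule.
    echo "iptables -I FORWARD 1 -i $lan -o $inet -p tcp --dport 25 -j SMTP_EGRESS"
    # Connections already in the conntrack table survive a firewall restart;
    # flush their TCP/25 entries (conntrack-tools) instead of rebooting.
    echo "conntrack -D -p tcp --dport 25"
}

# Run the emitted commands on this host (needs root).
apply_smtp_egress_rules() {
    smtp_egress_rules "$@" | sh -e
}

if [ "${SMTP_EGRESS_APPLY:-no}" = "yes" ]; then
    apply_smtp_egress_rules "$MAIL_SERVER" "$LAN_IF" "$INET_IF"
else
    smtp_egress_rules "$MAIL_SERVER" "$LAN_IF" "$INET_IF"
fi
```

A firewall script that rebuilds its chains on restart will wipe these manual rules, so they are useful for verifying the intended behaviour (watch for the SMTP-EGRESS-BLOCK prefix in the kernel log) rather than as the permanent configuration.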