[Firewall] Block SMTP traffic out

Lonnie Abelbeck lists at lonnie.abelbeck.com
Tue Mar 2 14:26:36 CET 2010


Dennis,

Ahhh, I didn't fully understand your wishes...

LAN_INET_HOST_OPEN_TCP="internal_mail_server>external_mail_server~25"
LAN_INET_HOST_DENY_TCP="0/0>0/0~25"

should block all outbound SMTP, except for your internal mail server to your external relay mail server.

Is this what you want?

Lonnie
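
As an added illustration (my own code, not from this thread and not Arno's script), the shell function below turns the two host-rule strings above into the raw iptables FORWARD rules they amount to, so the ordering the answer relies on is visible: the specific OPEN entry is emitted before the catch-all DENY, and the deny is preceded by a rate-limited LOG rule so the LAN host that is actually spamming shows up in the log. The interface names eth1 (LAN) and eth0 (Internet) and the host names are placeholders; Arno's script uses its own chain layout, and the commands here are only printed, not applied.

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread or of Arno's script.
# Translates Arno-style "src>dst~port" host entries into equivalent raw
# iptables FORWARD rules. Interface names below are assumptions.
LAN_IF=eth1
INET_IF=eth0

# Expand the "0/0" shorthand to the any-address form iptables understands.
expand_host() {
  case "$1" in
    0/0) echo "0.0.0.0/0" ;;
    *)   echo "$1" ;;
  esac
}

# Emit the FORWARD rule(s) for one "src>dst~port" entry.
# $1 = entry, $2 = target (ACCEPT or DROP).
# A DROP entry also gets a rate-limited LOG rule in front of it so the
# offending LAN source address is recorded.
emit_rule() {
  entry="$1"; target="$2"
  src="${entry%%>*}"          # text before '>'
  rest="${entry#*>}"          # text after '>'
  dst="${rest%%~*}"           # text before '~'
  port="${rest#*~}"           # text after '~'
  src=$(expand_host "$src"); dst=$(expand_host "$dst")
  if [ "$target" = "DROP" ]; then
    echo "iptables -A FORWARD -i $LAN_IF -o $INET_IF -p tcp -s $src -d $dst --dport $port -m limit --limit 6/min -j LOG --log-prefix 'SMTP-DENY: '"
  fi
  echo "iptables -A FORWARD -i $LAN_IF -o $INET_IF -p tcp -s $src -d $dst --dport $port -j $target"
}

# Generate the rule set from the two space-separated lists: OPEN entries
# first, then DENY entries, mirroring the evaluation order the thread
# depends on (a more specific accept must precede the catch-all drop).
gen_rules() {
  open_list="$1"; deny_list="$2"
  for e in $open_list; do emit_rule "$e" ACCEPT; done
  for e in $deny_list; do emit_rule "$e" DROP; done
}

# Usage with the values from the thread (host names are placeholders):
gen_rules "internal_mail_server>external_mail_server~25" "0/0>0/0~25"
```

Two points this makes concrete for the NAT and testing questions in the quoted message: the filter FORWARD chain is traversed before SNAT happens in nat POSTROUTING, so these rules still see the original LAN source addresses and NAT does not hide the offending workstation; and because a firewall restart keeps the conntrack table, a TCP 25 session that was already established keeps matching the usual ESTABLISHED accept rule, which is why a reboot (or flushing those entries with the conntrack tool) is needed before a test from the workstation is meaningful.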


On Mar 2, 2010, at 3:31 AM, Dennis van der Meer wrote:

> Hi Lonnie,
> 
> I tried setting the 2 settings that you gave me but I am still able to
> connect to port 25 of our provider's email server from my workstation.
> Access to port 25 to any system on the internet should be blocked for
> the entire LAN except for 1 system.
> Since I use NAT to forward all internal traffic to the outside, can this
> be the problem? Because when I log traffic I only see a message in the
> log when the Linux server forwards an email to our Exchange server (so
> on the server directly).
> 
> 
> P.s. I did do a reboot after the changes.
> 
> 
> Dennis
> 
> -----Original Message-----
> From: firewall-bounces at rocky.eld.leidenuniv.nl
> [mailto:firewall-bounces at rocky.eld.leidenuniv.nl] On Behalf Of Lonnie
> Abelbeck
> Sent: Tuesday 2 March 2010 4:56
> To: Arno's IPTABLES firewall script
> Subject: Re: [Firewall] Block SMTP traffic out
> 
> Dennis,
> 
> You are on the right track, but try:
> 
> LAN_INET_HOST_OPEN_TCP="0/0>ip_of_mail_server~25"
> LAN_INET_HOST_DENY_TCP="0/0>0/0~25"
> 
> When testing, understand that established states are maintained when the
> firewall is 'restart'-ed, so a reboot might be in order to clear out any
> previous outbound TCP 25 states.
> 
> Lonnie
> 
> 
> On Mar 1, 2010, at 8:12 AM, Dennis van der Meer wrote:
> 
>> Hi,
>> 
>> We are currently having a problem that more and more of our email is
>> being blocked since we are on a spam list. Since we don't spam
>> ourselves (and I am certain of it) I think we have a spam bot running
>> in our network. Unfortunately the network is too large to scan each
>> and every computer for any spam bots so I would like to do something
>> else instead.
>> We have Outlook clients that connect to an Exchange server. The
>> Exchange server is the only server that will send email out. All email
>> traffic goes through a Linux gateway that runs the Arno iptables
>> firewall script.
>> So I was thinking of blocking port 25 and logging attempts for every
>> machine but the mail server.
>> I already tried to set this in the firewall script but somehow it is
>> not working as it should.
>> 
>> I tried setting the following already:
>>                LAN_INET_HOST_OPEN_TCP="ip_of_mail_server>0/0~25"
>>                LAN_INET_HOST_DENY_TCP="0/0>0/0~25"
>> 
>> Can anyone tell me what to set in the config to accomplish what I
>> want?
>> 
>> 
>> Dennis
>> 
>> _______________________________________________
>> Firewall mailing list
>> Firewall at rocky.eld.leidenuniv.nl
>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>> Arno's (Linux IPTABLES Firewall) Homepage:
>> http://rocky.eld.leidenuniv.nl
> 

