[Firewall] Block SMTP traffic out

Dennis van der Meer iptables at greenchem-adblue.com
Wed Mar 3 14:07:12 CET 2010


Sorry, but it doesn't work. I have added my firewall.conf because maybe
something is overriding the settings.


Dennis

-----Original Message-----
From: firewall-bounces at rocky.eld.leidenuniv.nl
[mailto:firewall-bounces at rocky.eld.leidenuniv.nl] On Behalf Of Arno van
Amersfoort
Sent: Wednesday 3 March 2010 12:47
To: Arno's IPTABLES firewall script
Subject: Re: [Firewall] Block SMTP traffic out

What you probably want is:

LAN_INET_DENY_TCP="25"
LAN_INET_HOST_OPEN_TCP="mailserver_lan_ip>0/0~25"

That should do it. It simply blocks all TCP port 25 traffic but since 
the HOST_OPEN rules overrule the DENY_TCP rule it will create an 
exception for your mailserver....

a.

Dennis van der Meer wrote:
> Hi Lonnie,
> 
> This unfortunately does nothing.
> I tried DENY_TCP="25" and it does nothing. I don't see anything in the log.
> I tried REJECT_TCP="25" and it also does nothing. Once again I don't see
> anything in the log.
> I tried HOST_DENY_TCP="0/0~25" and it also does nothing. Also nothing in
> the log appears.
> I also tried LAN_INET_DENY_TCP="25" and, you guessed it, it does nothing.
> Same with log information.
> And I have them all activated at once but absolutely nothing is blocked
> at all.
> 
> I can block ports from outside to inside but nothing from inside to
> outside is blocked, unless it is
> on the Linux server directly.
> 
> I can still telnet from my client to a server on port 25. All clients
> have my Linux system
> as the default gateway so it should do something.
> 
> 
> P.s. The version I use is 1.9.2d
> 
> 
> Dennis
> 
> -----Original Message-----
> From: firewall-bounces at rocky.eld.leidenuniv.nl
> [mailto:firewall-bounces at rocky.eld.leidenuniv.nl] On Behalf Of Lonnie
> Abelbeck
> Sent: Tuesday 2 March 2010 14:27
> To: Arno's IPTABLES firewall script
> Subject: Re: [Firewall] Block SMTP traffic out
> 
> Dennis,
> 
> Ahhh, I didn't fully understand your wishes...
> 
> LAN_INET_HOST_OPEN_TCP="internal_mail_server>external_mail_server~25"
> LAN_INET_HOST_DENY_TCP="0/0>0/0~25"
> 
> should block all outbound SMTP, except for your internal mail server to
> your external relay mail server.
> 
> Is this what you want?
> 
> Lonnie
> 
> 
> On Mar 2, 2010, at 3:31 AM, Dennis van der Meer wrote:
> 
>> Hi Lonnie,
>>
>> I tried setting the 2 settings that you gave me but I am still able to
>> connect to port 25 of our
>> provider's email server from my workstation. Access to port 25 to any
>> system on the internet should be blocked for the entire
>> LAN except for 1 system.
>> Since I use NAT to forward all internal traffic to the outside, can this
>> be the problem? Because when I log traffic I only
>> see a message in the log when the Linux server forwards an email to our
>> Exchange server (so on the server directly).
>>
>>
>> P.s. I did do a reboot after the changes.
>>
>>
>> Dennis
>>
>> -----Original Message-----
>> From: firewall-bounces at rocky.eld.leidenuniv.nl
>> [mailto:firewall-bounces at rocky.eld.leidenuniv.nl] On Behalf Of Lonnie
>> Abelbeck
>> Sent: Tuesday 2 March 2010 4:56
>> To: Arno's IPTABLES firewall script
>> Subject: Re: [Firewall] Block SMTP traffic out
>>
>> Dennis,
>>
>> You are on the right track, but try:
>>
>> LAN_INET_HOST_OPEN_TCP="0/0>ip_of_mail_server~25"
>> LAN_INET_HOST_DENY_TCP="0/0>0/0~25"
>>
>> When testing, understand that established states are maintained when the
>> firewall is 'restart'-ed, so a reboot might be in order to clear out any
>> previous outbound TCP 25 states.
>>
>> Lonnie
>>
>>
>> On Mar 1, 2010, at 8:12 AM, Dennis van der Meer wrote:
>>
>>> Hi,
>>>
>>> We are currently having a problem that more and more of our email is
>>> being blocked since we are on a spam list. Since we don't spam ourselves
>>> (and I am certain of it) I think we have a spam bot running in our
>>> network. Unfortunately the network is too large to scan each and every
>>> computer for any spam bots so I would like to do something else instead.
>>> We have Outlook clients that connect to an Exchange server. The Exchange
>>> server is the only server that will send email out. All email traffic
>>> goes through a Linux gateway that runs the Arno iptables firewall script.
>>> So I was thinking of blocking port 25 and logging attempts for every
>>> machine but the mail server.
>>> I already tried to set this in the firewall script but somehow it is
>>> not working as it should.
>>> I tried setting the following already:
>>>                LAN_INET_HOST_OPEN_TCP="ip_of_mail_server>0/0~25"
>>>                LAN_INET_HOST_DENY_TCP="0/0>0/0~25"
>>>
>>> Can anyone tell me what to set in the config to accomplish what I
>>> want?
>>>
>>> Dennis
>>>
>>> _______________________________________________
>>> Firewall mailing list
>>> Firewall at rocky.eld.leidenuniv.nl
>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>> http://rocky.eld.leidenuniv.nl
>>
>>
> 
> 

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: firewall.conf
Type: application/octet-stream
Size: 48992 bytes
Desc: firewall.conf
URL: <http://rocky.eld.leidenuniv.nl/pipermail/firewall/attachments/20100303/fcb18fb4/attachment-0001.obj>
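The LAN-to-Internet SMTP policy the thread converges on (a blanket LAN_INET_DENY_TCP="25" plus a LAN_INET_HOST_OPEN_TCP exception for the mail server, with the exception evaluated first so that it wins) worked through as an added example. This is editor-written code, not part of Arno's firewall script or of any message in this thread. It assumes the script's "src>dst~port" notation exactly as it appears in the messages above, a hypothetical mail server at 192.168.1.10, interface names eth1 (LAN) and eth0 (Internet), and a translation into plain iptables FORWARD rules that is my own rendering, not the rule set the script itself generates.

```python
#!/usr/bin/env python3
"""Outbound-SMTP egress policy from the thread, as an added example (not Arno's script).

Parses the two config variables in the script's own notation (assumed: "src>dst~port"
for HOST_OPEN entries, a bare port list for DENY), orders exceptions before the deny,
renders equivalent iptables FORWARD rules, and simulates first-match evaluation so the
ordering can be checked offline without a gateway.
"""
import ipaddress
from dataclasses import dataclass
from typing import List

# Constructed configuration fragment; 192.168.1.10 is a hypothetical Exchange server.
SAMPLE_CONFIG = '''
# LAN -> Internet: only the mail server may open TCP/25 to anywhere
LAN_INET_HOST_OPEN_TCP="192.168.1.10>0/0~25"
LAN_INET_DENY_TCP="25"
'''

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: int
    action: str  # "ACCEPT", "LOG" or "DROP"

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and dport == self.dport)


def parse_config(text: str) -> dict:
    """Minimal KEY="value" parser for the shell-style config fragment."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip().strip('"')
    return cfg


def net(spec: str) -> ipaddress.IPv4Network:
    """'0/0' is the script's shorthand for anywhere; otherwise a host or CIDR."""
    return ANY if spec == "0/0" else ipaddress.ip_network(spec, strict=False)


def build_rules(cfg: dict) -> List[Rule]:
    rules: List[Rule] = []
    # Exceptions first: a HOST_OPEN entry must sit above the DENY so it wins.
    for entry in cfg.get("LAN_INET_HOST_OPEN_TCP", "").split():
        hosts, ports = entry.split("~", 1)
        src, dst = hosts.split(">", 1)
        for port in ports.split(","):
            rules.append(Rule(net(src), net(dst), int(port), "ACCEPT"))
    # Then the blanket deny, logged first so spam-bot candidates show up in syslog.
    for port in cfg.get("LAN_INET_DENY_TCP", "").replace(",", " ").split():
        rules.append(Rule(ANY, ANY, int(port), "LOG"))
        rules.append(Rule(ANY, ANY, int(port), "DROP"))
    return rules


def decide(rules: List[Rule], src: str, dst: str, dport: int) -> str:
    """First terminating match wins, as in a FORWARD chain; LOG is non-terminating."""
    for rule in rules:
        if rule.matches(src, dst, dport) and rule.action != "LOG":
            return rule.action
    return "ACCEPT"  # assumed chain policy for traffic this fragment does not cover


def render(rules: List[Rule], lan_if: str = "eth1", inet_if: str = "eth0",
           prefix: str = "LAN-INET-DENY: ") -> List[str]:
    """Equivalent iptables FORWARD-chain commands; interface names are assumptions."""
    base = (f"iptables -A FORWARD -i {lan_if} -o {inet_if} -p tcp "
            f"-m conntrack --ctstate NEW")
    out = []
    for r in rules:
        match = f"{base} -s {r.src} -d {r.dst} --dport {r.dport}"
        if r.action == "LOG":
            out.append(f"{match} -m limit --limit 6/min -j LOG --log-prefix '{prefix}'")
        else:
            out.append(f"{match} -j {r.action}")
    return out


if __name__ == "__main__":
    rules = build_rules(parse_config(SAMPLE_CONFIG))
    for cmd in render(rules):
        print(cmd)
    for client in ("192.168.1.10", "192.168.1.57"):
        print(client, "-> 203.0.113.25:25 =", decide(rules, client, "203.0.113.25", 25))
```

Running the block prints the three rules in the order they must be loaded, then the verdict for the mail server (ACCEPT) and for an ordinary workstation (DROP); putting the DROP above the ACCEPT would block the mail server too, which is why the HOST_OPEN exception has to precede the DENY. When testing on a live gateway remember Lonnie's caveat above: a client that already has an established TCP/25 connection keeps it across a firewall restart because the conntrack entry survives, so reboot or flush the table (conntrack -F from conntrack-tools, assumed to be installed) before retesting from that client. The rule also only covers port 25; a bot submitting mail on 587 or 465 with stolen mailbox credentials is outside what it catches.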

