[Firewall] Block SMTP traffic out

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Wed Mar 3 14:20:24 CET 2010


Weird, looks all ok. What's the output of 
/usr/local/sbin/arno-iptables-firewall start ?


Dennis van der Meer wrote:
> Sorry, but it doesn't work. I have added my firewall.conf because maybe
> something is overriding the settings.
> 
> 
> Dennis
> 
> -----Original Message-----
> From: firewall-bounces at rocky.eld.leidenuniv.nl
> [mailto:firewall-bounces at rocky.eld.leidenuniv.nl] On Behalf Of Arno van
> Amersfoort
> Sent: Wednesday 3 March 2010 12:47
> To: Arno's IPTABLES firewall script
> Subject: Re: [Firewall] Block SMTP traffic out
> 
> What you probably want is:
> 
> LAN_INET_DENY_TCP="25"
> LAN_INET_HOST_OPEN_TCP="mailserver_lan_ip>0/0~25"
> 
> That should do it. It simply blocks all TCP port 25 traffic but since 
> the HOST_OPEN rules overrule the DENY_TCP rule it will create an 
> exception for your mailserver....
> 
> a.
> 
> Dennis van der Meer wrote:
>> Hi Lonnie,
>>
>> This unfortunately does nothing.
>> I tried DENY_TCP="25" and it does nothing. I don't see anything in the
>> log.
>> I tried REJECT_TCP="25" and it also does nothing. Once again I don't
>> see anything in the log.
>> I tried HOST_DENY_TCP="0/0~25" and it also does nothing. Also nothing
>> in the log appears.
>> I also tried LAN_INET_DENY_TCP="25" and, you guessed it, it does
>> nothing. Same with log information.
>> And I have them all activated at once but absolutely nothing is
>> blocked at all.
>>
>> I can block ports from outside to inside but nothing from inside to
>> outside is blocked, unless it is
>> on the Linux server directly.
>>
>> I can still telnet from my client to a server on port 25. All clients
>> have my Linux system
>> as the default gateway so it should do something.
>>
>>
>> P.s. The version I use is 1.9.2d
>>
>>
>> Dennis
>>
>> -----Original Message-----
>> From: firewall-bounces at rocky.eld.leidenuniv.nl
>> [mailto:firewall-bounces at rocky.eld.leidenuniv.nl] On Behalf Of Lonnie
>> Abelbeck
>> Sent: Tuesday 2 March 2010 14:27
>> To: Arno's IPTABLES firewall script
>> Subject: Re: [Firewall] Block SMTP traffic out
>>
>> Dennis,
>>
>> Ahhh, I didn't fully understand your wishes...
>>
>> LAN_INET_HOST_OPEN_TCP="internal_mail_server>external_mail_server~25"
>> LAN_INET_HOST_DENY_TCP="0/0>0/0~25"
>>
>> should block all outbound SMTP, except for your internal mail server
>> to your external relay mail server.
>>
>> Is this what you want?
>>
>> Lonnie
>>
>>
>> On Mar 2, 2010, at 3:31 AM, Dennis van der Meer wrote:
>>
>>> Hi Lonnie,
>>>
>>> I tried setting the 2 settings that you gave me but I am still able
>>> to connect to port 25 of our provider's email server from my
>>> workstation. Access to port 25 to any system on the internet should be
>>> blocked for the entire LAN except for 1 system.
>>> Since I use NAT to forward all internal traffic to the outside, can
>>> this be the problem? Because when I log traffic I only see a message
>>> in the log when the Linux server forwards an email to our Exchange
>>> server (so on the server directly).
>>>
>>>
>>> P.s. I did do a reboot after the changes.
>>>
>>>
>>> Dennis
>>>
>>> -----Original Message-----
>>> From: firewall-bounces at rocky.eld.leidenuniv.nl
>>> [mailto:firewall-bounces at rocky.eld.leidenuniv.nl] On Behalf Of Lonnie
>>> Abelbeck
>>> Sent: Tuesday 2 March 2010 4:56
>>> To: Arno's IPTABLES firewall script
>>> Subject: Re: [Firewall] Block SMTP traffic out
>>>
>>> Dennis,
>>>
>>> You are on the right track, but try:
>>>
>>> LAN_INET_HOST_OPEN_TCP="0/0>ip_of_mail_server~25"
>>> LAN_INET_HOST_DENY_TCP="0/0>0/0~25"
>>>
>>> When testing, understand that established states are maintained when
>>> the firewall is 'restart'-ed, so a reboot might be in order to clear
>>> out any previous outbound TCP 25 states.
>>>
>>> Lonnie
>>>
>>>
>>> On Mar 1, 2010, at 8:12 AM, Dennis van der Meer wrote:
>>>
>>>> Hi,
>>>>
>>>> We are currently having a problem that more and more of our email is
>>>> being blocked since we are on a spam list. Since we don't spam
>>>> ourselves (and I am certain of it) I think we have a spam bot running
>>>> in our network. Unfortunately the network is too large to scan each
>>>> and every computer for any spam bots so I would like to do something
>>>> else instead.
>>>> We have Outlook clients that connect to an Exchange server. The
>>>> Exchange server is the only server that will send email out. All email
>>>> traffic goes through a Linux gateway that runs the Arno iptables
>>>> firewall script.
>>>> So I was thinking of blocking port 25 and logging attempts for every
>>>> machine but the mail server.
>>>> I already tried to set this in the firewall script but somehow it is
>>>> not working as it should.
>>>> I tried setting the following already:
>>>>     LAN_INET_HOST_OPEN_TCP="ip_of_mail_server>0/0~25"
>>>>     LAN_INET_HOST_DENY_TCP="0/0>0/0~25"
>>>>
>>>> Can anyone tell me what to set in the config to accomplish what I
>>>> want?
>>>>
>>>> Dennis
>>>>
>>>> _______________________________________________
>>>> Firewall mailing list
>>>> Firewall at rocky.eld.leidenuniv.nl
>>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>>> http://rocky.eld.leidenuniv.nl
>>>
>>>
>>

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl
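As an added example (not code from this thread or from arno-iptables-firewall), here are the config lines discussed above expressed as plain iptables FORWARD rules, in the order that makes the mail-server exception work and with the LOG rule whose absence is why nothing showed up in the log; the interface names and the mail server address are assumptions, and by default the rules are only printed:

```shell
#!/bin/sh
# Added example, not code from the thread or from arno-iptables-firewall:
# the "src>dst~port" host-rule syntax discussed above, expressed as plain
# iptables FORWARD rules. The exception is placed before the deny, and a
# LOG rule precedes the DROP so blocked attempts show up in the log.
# Assumptions: LAN_IF / EXT_IF interface names and the mail server address
# are placeholders; by default rules are only printed (dry run).
LAN_IF="${LAN_IF:-eth1}"
EXT_IF="${EXT_IF:-eth0}"
IPTABLES="${IPTABLES:-echo iptables}"   # set IPTABLES=iptables to apply

# host_rule ACTION "src>dst~port": one FORWARD rule built from the config
# syntax. "0/0" stands for "any host", as in the firewall script's config.
host_rule() {
    action="$1"
    spec="$2"
    src="${spec%%>*}"       # everything before '>'
    rest="${spec#*>}"       # everything after '>'
    dst="${rest%%~*}"       # everything before '~'
    port="${rest#*~}"       # everything after '~'
    case "$src" in 0/0) src="0.0.0.0/0" ;; esac
    case "$dst" in 0/0) dst="0.0.0.0/0" ;; esac
    $IPTABLES -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -p tcp \
        -s "$src" -d "$dst" --dport "$port" -j "$action"
}

# smtp_egress_policy MAILSERVER: only MAILSERVER may reach TCP/25 on the
# internet; every other LAN host is logged (rate limited) and dropped.
# Order matters: the ACCEPT exception must come before the catch-all DROP.
smtp_egress_policy() {
    host_rule ACCEPT "$1>0/0~25"
    $IPTABLES -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -p tcp --dport 25 \
        -m limit --limit 3/min -j LOG --log-prefix "SMTP-egress-blocked: "
    host_rule DROP "0/0>0/0~25"
}

# Caveat from the thread: if the chain already accepts ESTABLISHED traffic
# before these rules, SMTP sessions that existed when the rules were added
# keep flowing until their conntrack entries expire. Inspect them with
# conntrack-tools ("conntrack -L -p tcp --dport 25") or reboot, as
# suggested above, before concluding that the block "does nothing".
smtp_egress_policy "${MAILSERVER:-192.0.2.10}"
```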

