[Firewall] Block SMTP traffic out

Lonnie Abelbeck lists at lonnie.abelbeck.com
Wed Mar 3 15:51:09 CET 2010


Is it possible you have a route via your IPsec tunnels for the LAN to see the external mail server?

Like Arno, I tested this and it works for me (LAN -> EXT drops TCP 25) with 1.9.2j.


On Mar 3, 2010, at 8:34 AM, Dennis van der Meer wrote:

> Hi,
> What I mean by not working is that nothing is blocked internally.
> So, even if I would block port 25 for the whole LAN I can still connect
> to it by using an internal host and for example use: telnet mailserver
> 25 to connect to my mail provider.
> I use one plugin since I have several countries that connect via ipsec
> vpn to my Linux server to use several services:
> 	ipsec-vpn.conf
> If I don't include this plugin then the vpn clients will have problems
> accessing several services in my internal LAN.
> Just to be complete I have included this plugin in this email.
> I never had problems blocking external (internet interface) hosts from
> connecting to my LAN but as far as I can remember it has never been
> possible for me to block LAN access to certain internet hosts/services.
> I always thought this to be a configuration problem on my end and didn't
> bother with it too much since I had no real need for it anyway. But now
> with the disruption of our email services I want to set things a little
> bit tighter and now it has become more of a problem.
> Dennis
