
Re: Blocking SMTP



> I have always had the following rules on my Linux Firewall:
> 
> type  prot source               destination          ports
> acc/m tcp  backbone/24          anywhere             any -> any
> acc/m udp  backbone/24          anywhere             any -> any
> 
> 
> Which lets anyone attached to my network access the internet from their
> workstation/PC.  That's all well and good.  This firewall is also an
> SMTP/sendmail forwarder.  That is, all incoming mail goes to the firewall,
> and all outgoing mail goes to the firewall, and then from there to
> wherever.  And it is recorded in the maillog as it goes.
> 
> Now I've got workstations and PCs out there with apps capable of sending
> e-mail.  Nothing is to stop them from just blasting it out to the
> Internet, and it would not be recorded in the maillog.  What I want to do
> is continue masq. just like before but block port 25 (SMTP) so that no
> mail can get out except through the firewall.
> 
> What I've tried is :
> ipfwadm -F -i reject -P tcp -Sbackbone/24 25 -D0.0.0.0/0
> which results in:
> rej   tcp  backbone/24          anywhere             smtp -> any
> acc/m tcp  backbone/24          anywhere             any -> any
> acc/m udp  backbone/24          anywhere             any -> any
> 
> But from a box on the inside I can still 'telnet mail.rust.net 25' and get
> their SMTP server.  I've tried some other weird combinations but can't
> seem to come up with a rule to kill that traffic.  It has been a while
> since I really did much work with ipfw, so maybe I'm missing something
> obvious.
> 
> Any help would be greatly appreciated.

I have a setup something like yours.  I have one SMTP server, that
receives all email and forwards it inside the firewall to another
SMTP server for the users.  It also relays all outgoing email.

This is enforced by my firewall.  Users cannot send email directly
to the internet without going through the SMTP relay.

However . . . I'm not using Linux as my firewall, so I can't tell
you how to do it with Linux.  I might be able to help you somewhat
in telling what ports to block/allow, but can't help with the code.

I also have it set up so users MUST go through my proxy server to
access the internet for HTTP and FTP.  The proxy requires authorization,
which allows me to limit internet access to only certain people.

The details of this are much easier for me to explain by drawing some
pictures.  Perhaps we could discuss it further at tonight's meeting?

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
--------------------------------------------
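The thread above never reaches an answer for the Linux side, so here is an added example (not part of the original messages, and not code from either poster) that models the forwarding chain as a first-match rule list and shows why the posted rule does not catch outbound SMTP: `-S backbone/24 25` matches a *source* port of 25, but a workstation opening a connection to a remote mail server uses an ephemeral source port and a *destination* port of 25. The network `192.168.1.0/24` stands in for the poster's `backbone/24`, the external address `203.0.113.5` is a constructed TEST-NET value, first-match evaluation of the chain is an assumption based on the order shown in the listing, and the `ipfwadm` command rendering follows the `-S addr/mask [port]` / `-D addr/mask [port]` syntax of that tool as I remember it.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# One forwarding-chain rule. A port of None means "any port", as in the listing.
@dataclass(frozen=True)
class Rule:
    action: str                  # "reject", "masq" (accept + masquerade), "accept"
    proto: str                   # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    sport: Optional[int] = None  # source port restriction (None = any)
    dport: Optional[int] = None  # destination port restriction (None = any)

# The first packet of a connection as seen by the forwarding chain.
@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field the rule restricts agrees with the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True

def decide(chain: List[Rule], pkt: Packet, default: str = "reject") -> str:
    """First-match evaluation (assumed, based on the listing order in the post)."""
    for rule in chain:
        if matches(rule, pkt):
            return rule.action
    return default

def ipfwadm_command(rule: Rule) -> str:
    """Render a rule as an ipfwadm forwarding-chain insert (syntax as I recall it)."""
    sport = f" {rule.sport}" if rule.sport is not None else ""
    dport = f" {rule.dport}" if rule.dport is not None else ""
    return (f"ipfwadm -F -i {rule.action} -P {rule.proto} "
            f"-S {rule.src}{sport} -D {rule.dst}{dport}")

LAN = ipaddress.ip_network("192.168.1.0/24")   # stands in for "backbone/24"
ANY = ipaddress.ip_network("0.0.0.0/0")

# The ruleset exactly as the poster's listing shows it: the reject rule keys on
# SOURCE port 25, so it never sees a workstation's outbound SMTP connection.
POSTED = [
    Rule("reject", "tcp", LAN, ANY, sport=25),
    Rule("masq", "tcp", LAN, ANY),
    Rule("masq", "udp", LAN, ANY),
]

# Corrected ruleset: reject traffic whose DESTINATION port is 25, ahead of the masq rules.
# Mail generated by the firewall's own sendmail is not forwarded traffic, so this
# chain does not affect the relay itself.
CORRECTED = [
    Rule("reject", "tcp", LAN, ANY, dport=25),
    Rule("masq", "tcp", LAN, ANY),
    Rule("masq", "udp", LAN, ANY),
]

# Constructed sample packets: a workstation talking to an external mail server and a web server.
OUTBOUND_SMTP = Packet("tcp", "192.168.1.10", "203.0.113.5", 40123, 25)
OUTBOUND_HTTP = Packet("tcp", "192.168.1.10", "203.0.113.5", 40124, 80)

if __name__ == "__main__":
    print("posted    :", decide(POSTED, OUTBOUND_SMTP))      # masq   (mail leaks out)
    print("corrected :", decide(CORRECTED, OUTBOUND_SMTP))   # reject (forced via relay)
    print("web still :", decide(CORRECTED, OUTBOUND_HTTP))   # masq
    print(ipfwadm_command(CORRECTED[0]))
```

The model says the same thing the poster observed: under the listing as posted the SMTP connection falls through to the `acc/m tcp` rule and is masqueraded out, while moving the port to the `-D` side makes the reject rule match first and web traffic is still masqueraded. Whichever tool is used, the check after loading rules is the one the poster already did: try to open port 25 on an outside host from an inside box and confirm it is refused, then confirm the relay still delivers.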