
Re: Blocking SMTP




My second phone line STILL is down, so here I am tying up my only phone
line just to read mail :)

anyway: 

--
-------------------------------------------------------------------------------
         Finger syellig@deepthought.dyndns.com for PGP public keys.
-------------------------------------------------------------------------------

On Tue, 7 Apr 1998, Adam wrote:

What I THINK you need to do here is not use the -F (forwarding, I believe)
flag, but instead the -I (input) or -O (output) flag.

so, I'm thinking this might do it:

ipfwadm -I -i deny -P tcp -Sbackbone/24 -D0.0.0.0/0 25

or possibly:

	use -O instead of -I

	or reject instead of deny.

Then again, in looking at this line:

> rej   tcp  backbone/24          anywhere             smtp -> any

it looks like it's only blocking stuff FROM smtp, (which is why I changed
where the '25' was in the first command I suggested for you to try) when
you wanted to block things TO smtp. SO! It may very well be -F that you
want to use. With that in mind try this line (sorry if this message
follows my train of thought more than any sane order :)

ipfwadm -F -i deny -P tcp -Sbackbone/24 -D0.0.0.0/0 25

That would make sense to use -F now that I rethink it, since you're not
denying normal routed packets, you're denying forwarded packets.

If all this fails, let me know. If I'm out of ideas at that point, I'll tell
you to read the manual page :)

best of luck.

> type  prot source               destination          ports
> acc/m tcp  backbone/24          anywhere             any -> any
> acc/m udp  backbone/24          anywhere             any -> any
> Now I've got workstations and PC's out there with apps capable of sending
> e-mail.  Nothing is to stop them from just blasting it out to the
> Internet,  and it would not be recorded in the maillog.  What I want to do
> is continue masq.  just like before but block port 25 (SMTP) so that no
> mail can get out except through the firewall.
> 
> What I've tried is :
> ipfwadm -F -i reject -P tcp -Sbackbone/24 25 -D0.0.0.0/0
> which results in:
> rej   tcp  backbone/24          anywhere             smtp -> any
> acc/m tcp  backbone/24          anywhere             any -> any
> acc/m udp  backbone/24          anywhere             any -> any
> 
> But from a box on the inside I can still 'telnet mail.rust.net 25' and get
> their SMTP server.  I've tried some other weird combinations but can't
> seem to come up with a rule to kill that traffic.  It has been awhile
> since I really did much work with ipfw, so maybe I'm missing something
> obvious.
> 
> Any help would be greatly appreciated.
>
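
An added example, not part of the original message or of ipfwadm itself: a small Python model of the forwarding chain from this thread, showing why a port written after -S (source) lets outbound SMTP through while the same port after -D (destination) stops it. It assumes first-match rule evaluation; the 192.168.1.0/24 network, the 203.0.113.25 mail server address and all packet values are constructed stand-ins.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

BACKBONE = "192.168.1.0/24"   # constructed stand-in for the thread's "backbone/24"
ANYWHERE = "0.0.0.0/0"

@dataclass
class Rule:
    policy: str                    # label only: "rej", "deny" or "acc/m"
    proto: str
    src: str
    dst: str
    sport: Optional[int] = None    # None means "any"
    dport: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        return (self.proto == pkt["proto"]
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.sport in (None, pkt["sport"])
                and self.dport in (None, pkt["dport"]))

def verdict(chain, pkt, default="default-policy"):
    """Walk the chain top to bottom; the first matching rule decides (assumed)."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.policy
    return default

MASQ = [Rule("acc/m", "tcp", BACKBONE, ANYWHERE),
        Rule("acc/m", "udp", BACKBONE, ANYWHERE)]
# Rule as tried in the quoted message: 25 follows -S, so it is a SOURCE port.
AS_TRIED = [Rule("rej", "tcp", BACKBONE, ANYWHERE, sport=25)] + MASQ
# Rule from the reply: 25 follows -D, so it is a DESTINATION port.
AS_SUGGESTED = [Rule("deny", "tcp", BACKBONE, ANYWHERE, dport=25)] + MASQ

# Constructed packets: an inside client connecting from an ephemeral source port.
SMTP_OUT = {"proto": "tcp", "src": "192.168.1.10", "sport": 1025,
            "dst": "203.0.113.25", "dport": 25}
WEB_OUT = dict(SMTP_OUT, dport=80)
# Constructed packet that the rule as tried does match: source port 25.
FROM_PORT_25 = dict(SMTP_OUT, sport=25, dport=1025)

if __name__ == "__main__":
    for name, chain in (("as tried", AS_TRIED), ("as suggested", AS_SUGGESTED)):
        print(name, "| smtp out:", verdict(chain, SMTP_OUT),
              "| web out:", verdict(chain, WEB_OUT))
```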