[NTLUG:Discuss] IPChains rules (kernel 2.2) to limit smtp port 25 access
Paul Ingendorf
pauldy at wantek.net
Mon Jul 29 18:22:19 CDT 2002
This really depends on your network topology.
         ----------------
         |              |
         |   Internet   |
         |              |
         ----------------
                |
         ----------------
         |              |
         |   Gateway    |
         |              |
         ----------------
                |
         ----------------  ----------------
         |              |  |              |
         |   Switches   |--|  Local Users |
         |              |  |              |
         ----------------  ----------------
                |
         ----------------
         |     SMTP     |
         |    Server    |
         |              |
         ----------------
Excuse the poor ASCII art, I'm out of practice.
In this type of setup, where your SMTP server is internal to your network, you simply block off all outside port 25 access by default. Then you allow outbound port 25 traffic only from your SMTP server.
In ipchains you would do that with the following.
ipchains -A input -s ! x.x.x.x/32 -p tcp --destination-port 25 -j REJECT
If your SMTP server is on the other side of your firewall, you may need to change the rule from a source address to a destination address.
ipchains -A input -d ! x.x.x.x/32 -p tcp --destination-port 25 -j REJECT
This would be the easy way of doing it. These are just two ways you might be configured; if they are incorrect assumptions, just post a follow-up with the correct configuration.
-----Original Message-----
From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org]On Behalf
Of Bug Hunter
Sent: Monday, July 29, 2002 5:11 PM
To: discuss at ntlug.org
Subject: [NTLUG:Discuss] IPChains rules (kernel 2.2) to limit smtp port 25 access
I need to limit SMTP port 25 access to servers on our network. We have
a class C network with SMTP servers, and a firewall. The users behind the
firewall are going out to the Internet and bouncing off of servers in
China, etc.
I want to limit them to our SMTP server so that we can more easily track
them down and grind them into a pulp and stomp them and ....... shudder.
The firewall is a Smoothwall firewall. I have customized it, but I'm
not sure of the rules that would limit the SMTP access.
The users may be dialing in, and they may be coming in off of other
machines not easily traceable.
bug
_______________________________________________
http://www.ntlug.org/mailman/listinfo/discuss
More information about the Discuss mailing list
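The two rules Paul gives above, as an added worked example (this is not code from the original post or from Smoothwall): a small shell script that generates the ipchains ruleset for either topology so it can be reviewed before it is applied. It assumes a gateway LAN interface named eth1 and a placeholder mail server address of 192.0.2.25 (both are assumptions, not values from the thread). Two things are added beyond the rules in the post: the rule is tied to the LAN interface with -i, because on a gateway an input-chain rule with no interface match would also reject legitimate inbound mail from the Internet to the server (source is not the server, destination port is 25); and the ipchains -l flag is set so each rejected packet is logged by the kernel, which gives the internal address of the user who tried to bypass the mail server.

```shell
#!/bin/sh
# Added example, not from the original post: build the ipchains rules that
# restrict port 25 through a kernel 2.2 gateway to the site's own SMTP server.
#
# Assumed values (placeholders, not from the thread):
#   SMTP_SERVER - address of the mail server (192.0.2.25 is a documentation address)
#   LAN_IF      - the gateway interface facing the local users

SMTP_SERVER="${SMTP_SERVER:-192.0.2.25}"
LAN_IF="${LAN_IF:-eth1}"

# smtp_rules SERVER LAN_IF [inside|outside]
#   inside  - the mail server is on the LAN: only it may originate port 25 traffic
#   outside - the mail server is beyond the gateway: LAN hosts may only reach
#             port 25 on that server
# Prints the rule instead of running it so the result can be checked first.
smtp_rules() {
    server="$1"; lan_if="$2"; where="${3:-inside}"
    case "$where" in
        inside)  match="-s ! $server/32" ;;   # source must be the mail server
        outside) match="-d ! $server/32" ;;   # destination must be the mail server
        *) echo "usage: smtp_rules SERVER LAN_IF [inside|outside]" >&2; return 1 ;;
    esac
    # -i limits the rule to packets arriving from the LAN side, so mail coming
    # in from the Internet to the server is not caught by it.
    # -l logs each match to the kernel log (dmesg / syslog) before it is rejected.
    echo "ipchains -A input -i $lan_if $match -p tcp --destination-port 25 -j REJECT -l"
}

# Apply the generated rule only where ipchains exists; otherwise just show it.
apply_rules() {
    if command -v ipchains >/dev/null 2>&1; then
        smtp_rules "$@" | sh
    else
        echo "# ipchains not found; rule to review:" >&2
        smtp_rules "$@"
    fi
}

# Show the rule for the topology in the diagram (mail server on the LAN).
smtp_rules "$SMTP_SERVER" "$LAN_IF" inside
```

Run it as `SMTP_SERVER=10.1.2.3 LAN_IF=eth1 sh smtp-rules.sh` to print the rule for your own addresses, and call apply_rules from a shell on the gateway once the printed line looks right. After it is in place, the kernel log entries produced by -l are the list of internal hosts that tried to talk to port 25 somewhere other than the mail server.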