Re: Help needed on block SMTP

[Samuel Díaz García <samueldg@arcoscom.com>]

1) I wrote in the first line: "... somethiing as this ...".
2) Me, as you, have the same info about the system in question.
3) I wrote something that can help to solve the problem.
4) If you have the knowledge and the time, put all the posible cases and put
an answer that can cover all posible cases.

Continued in your response:

Dave Ewart writes:

> On Wednesday, 18.05.2005 at 11:37 +0200, Samuel Díaz García wrote:
>
> > You need something as this in your linux router/firewall box:
> >
> > #!/bin/sh
> > ip_mail_srv=a.b.c.d
> >
> > iptables -t filter -A INPUT -d $ip_mail_srv -p tcp --dport 25 --syn -j
> > ACCEPT
> > iptables -t filter -A INPUT -p tcp --dport 25 --syn -j DROP
>
> That doesn't look right.  If the mail server is NOT the same system as
> the firewall, then nothing will pass on the INPUT chain to the firewall
> destined for the mail server.

Do you know where is the smtp server? I don't, I only put 2 options.

> > #the same in FORWARD chain:
> >
> > iptables -t filter -A FORWARD -d $ip_mail_srv -p tcp --dport 25 --syn -j
> > ACCEPT
> > iptables -t filter -A FORWARD -p tcp --dport 25 --syn -j DROP
>
> The first of the above two rules will work partly, but won't allow any SMTP
> traffic *from* the mail server back out ...

Well, 2 solutions (or more):
 1) delete "--syn"
 2) use the tipical "RELATED, ESTABLISHED" rule about.
 3) Propose you some solution more.

> Dave.
> --
> Please don't CC me on list messages!
> ...
> Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
> All email from me is now digitally signed, key from http://www.sungate.co.uk/
> Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92



Samuel Díaz Garcí­a
Director Gerente
ArcosCom Wireless, S.L.L.

mailto:samueldg@arcoscom.com
http://www.arcoscom.com
móvil: 651 93 72 48
tlfn.: 956 70 13 15
fax:   956 70 34 83