On Mon, Jan 22, 2007 at 06:23:56PM +0100, Magnus Holmgren wrote:
> > can you give me direction on how to setup firewall so other program
> > can't sending mail directly with SMTP?
>
> With iptables, it depends on whether there is a different mail gateway that
> all outgoing mail is supposed to go through. If so, you can simply block all
> outgoing packets to port 25 from all hosts except that one:
>
> iptables -A OUTPUT -o eth1 -s '!' <gateway-IP> -p tcp --dport 25 -j REJECT
>
> (assuming that eth1 is the (only) interface connected to the outside world).
Actually, you'll want to use the FORWARD chain, because the OUTPUT chain is
traversed by packets originating from this machine only.
--
2. That which causes joy or happiness.
