Author: Renaud Allard Date: To: Josip Rodin CC: exim-users Subject: Re: [exim] my IP blacklisted at CBL issues with HELO'ing
Josip Rodin wrote:
> On Mon, Jan 22, 2007 at 06:23:56PM +0100, Magnus Holmgren wrote:
>>> can you give me direction on how to setup firewall so other program
>>> can't sending mail directly with SMTP?
>> With iptables, it depends on whether there is a different mail gateway that
>> all outgoing mail is supposed to go through. If so, you can simply block all
>> outgoing packets to port 25 from all hosts except that one:
>>
>> iptables -A OUTPUT -o eth1 -s '!' <gateway-IP> -p tcp --dport 25 -j REJECT
>>
>> (assuming that eth1 is the (only) interface connected to the outside world).
>
> Actually, you'll want to use the FORWARD chain, because the OUTPUT chain is
> traversed by packets originating from this machine only.
>
If unwanted programs sending mails run on the same machine, you can even
filter by uid:
iptables -A OUTPUT -p tcp --dport 25 -m owner --uid-owner exim -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -j DROP
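The two approaches in this thread (restricting forwarded traffic to a single mail gateway, and restricting a mail host's own outbound port 25 to the MTA's uid) put together as a small rule generator. This is an added example, not code from the thread or from the Exim project; the external interface eth1, the gateway address 192.0.2.25 and the MTA user "exim" are constructed assumptions that can be overridden with environment variables. Without arguments it only prints the rules, so it can be reviewed before anything touches the running firewall; the modern "! -s" negation syntax is used instead of the older "-s '!'" form quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): generate outbound-SMTP egress rules.
# Assumed values; override via the environment, e.g. EXT_IF=eth0 ./smtp-egress.sh
SMTP_GATEWAY="${SMTP_GATEWAY:-192.0.2.25}"   # constructed example gateway address
EXT_IF="${EXT_IF:-eth1}"                     # assumed interface facing the Internet
MTA_USER="${MTA_USER:-exim}"                 # assumed uid the MTA sends mail as

# Router/firewall case: packets from hosts behind this box traverse FORWARD,
# not OUTPUT, so the gateway exception goes there. Everything else going to
# port 25 on the outside interface is rejected with a TCP reset so clients
# fail immediately instead of waiting for a timeout.
gateway_rules() {
    printf '%s\n' \
      "iptables -A FORWARD -o $EXT_IF -p tcp --dport 25 ! -s $SMTP_GATEWAY -j REJECT --reject-with tcp-reset"
}

# Mail-host case: only sockets owned by the MTA's uid may open outbound port 25.
# The owner match applies to every other uid, root included, and denied
# attempts are logged first so that a compromised script or web app trying to
# spam directly shows up in the kernel log.
local_rules() {
    printf '%s\n' \
      "iptables -A OUTPUT -o $EXT_IF -p tcp --dport 25 -m owner --uid-owner $MTA_USER -j ACCEPT" \
      "iptables -A OUTPUT -o $EXT_IF -p tcp --dport 25 -j LOG --log-prefix 'smtp-egress-denied: '" \
      "iptables -A OUTPUT -o $EXT_IF -p tcp --dport 25 -j REJECT --reject-with tcp-reset"
}

# Combined rule set in the order it should be loaded.
all_rules() {
    gateway_rules
    local_rules
}

case "${1:-}" in
  --apply) all_rules | sh -e ;;   # execute the rules (needs root)
  *)       all_rules ;;           # default: print for review
esac
```

All rules live in the filter table (no -t nat): the nat table only sees the first packet of a connection, so it is the wrong place for access control. On a machine that is both the gateway and the mail host, load both sets; on a plain client, local_rules alone is enough.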