Re: [exim] my IP blacklisted at CBL issues with HELO'ing

Author: Renaud Allard
Date:  
To: Josip Rodin
CC: exim-users
Subject: Re: [exim] my IP blacklisted at CBL issues with HELO'ing


Josip Rodin wrote:
> On Mon, Jan 22, 2007 at 06:23:56PM +0100, Magnus Holmgren wrote:
>>> can you give me directions on how to set up a firewall so other programs
>>> can't send mail directly with SMTP?
>> With iptables, it depends on whether there is a different mail gateway that
>> all outgoing mail is supposed to go through. If so, you can simply block all
>> outgoing packets to port 25 from all hosts except that one:
>>
>> iptables -A OUTPUT -o eth1 -s '!' <gateway-IP> -p tcp --dport 25 -j REJECT
>>
>> (assuming that eth1 is the (only) interface connected to the outside world).
>
> Actually, you'll want to use the FORWARD chain, because the OUTPUT chain is
> traversed by packets originating from this machine only.
>


If unwanted programs sending mails run on the same machine, you can even
filter by uid:

iptables -t nat -A OUTPUT -p tcp --dport 25 -m owner --uid-owner exim -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 25 -j DROP

--
010100100110010101101110011000010111010101100100
010000010110110001101100011000010111001001100100
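
An added example, not part of the original message: a check that reads iptables-save output and reports whether the OUTPUT chain really limits TCP port 25 to the mail server's uid, including the case where the two rules were loaded in the wrong order. The function name, the sample rule dump and uid 105 for the exim user are assumptions made for illustration.

```sh
#!/bin/sh
# audit_smtp_egress UID TABLE < iptables-save output   (hypothetical helper)
# Prints "restricted" when the OUTPUT chain of TABLE lets only UID connect to
# TCP port 25; otherwise "open: ..." or "blocked: ...".
# Simplification: only rules that name "--dport 25" explicitly are examined.
audit_smtp_egress() {
    awk -v uid="$1" -v want="$2" '
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
        table != want { next }
        /^:OUTPUT / { policy = $2 }              # chain default policy
        /^-A OUTPUT / && / -p tcp / && / --dport 25 / {
            if (verdict != "") next              # an earlier rule already decided
            target = ""; owner = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--uid-owner") owner = $(i + 1)
            }
            blocking = (target == "DROP" || target == "REJECT")
            if (target == "ACCEPT" && owner == uid) mta_ok = 1
            else if (target == "ACCEPT")
                verdict = "open: accepted for " (owner == "" ? "every user" : "uid " owner)
            else if (blocking && owner == "")
                verdict = mta_ok ? "restricted" : "blocked: uid " uid " cannot send either"
        }
        END {
            if (verdict == "" && policy == "DROP")
                verdict = mta_ok ? "restricted" : "blocked: uid " uid " cannot send either"
            if (verdict == "") verdict = "open: no rule blocks port 25"
            print verdict
        }'
}

# Constructed sample: a rule dump with the two rules from the message loaded,
# assuming the exim user shows up as numeric uid 105 in the saved rules.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 105 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j DROP
COMMIT'
printf '%s\n' "$SAMPLE_RULES" | audit_smtp_egress 105 nat
```

Current iptables releases refuse DROP as a target in the nat table, so on such systems the same two rules go into the default filter table and the second argument becomes filter.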