Spam from NAT boxes

Freddie Cash fcash at ocis.net
Mon Mar 6 21:08:44 PST 2006


On Mon, March 6, 2006 3:17 pm, Julian Elischer wrote:
> Cesar wrote:
>> I have some NAT boxes running FreeBSD, each of these boxes does NAT
>> for like 100+ people. Almost every day my IPs get blacklisted because
>> of spam. I can't block the SMTP traffic going out because some people
>> need it to send true e-mails. Is there any tool to detect/block
>> those spams?

>> I thought of a program that receives the connection
>> diverted/forwarded by ipfw and then delivers it to SpamAssassin ...

>> I also have an e-mail server fully configured with anti-spam,
>> anti-virus ... I tried to forward to this e-mail server all my NAT box
>> TCP connections to port 25.

>> ipfw add fwd xx.xx.xx.xx,25 tcp from 192.168.0.0/24 to any 25

>> I got some matches in this rule when I try to send an email, but I
>> didn't get redirected to my email server.

Install an SMTP server on the firewall.  Configure it to listen to
127.0.0.1:25 only.  Configure it to relay all messages it receives to
the SMTP server that runs virus/spam filters.  Then add the fwd rule
to forward all outgoing messages to the local SMTP server.

This is the setup we use.  We have a central mail/virus SMTP gateway
that handles all incoming and outgoing spam/virus filtering.  All
outgoing port 25 traffic at the NAT'd sites is redirected to an SMTP
server on the firewall, then redirected to the mail gateway for
scanning, then out to the Internet.  Works like a charm.

The other nice thing about this setup is that you can trace the
received from: headers all the way back to the originating computer if
there are problems.


----
Freddie Cash
fcash at ocis.net
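
The header tracing mentioned in the reply above, as an added example that is not part of the original post: it walks the Received: chain of a blacklisting report back to the NATed client. The relay name fw1.example.net, the Postfix-style header layout and the sample message are assumptions; 192.168.0.0/24 is the range from the quoted ipfw rule.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: NATed clients live in 192.168.0.0/24, as in the quoted ipfw rule.
NAT_NET = ipaddress.ip_network("192.168.0.0/24")

# Constructed sample message; all hostnames and addresses are made up.
SAMPLE = """\
Received: from gw.example.net (gw.example.net [203.0.113.10])
\tby mx.example.org (Postfix) with ESMTP id AAA111
\tfor <rcpt@example.org>; Mon, 6 Mar 2006 21:00:03 -0800 (PST)
Received: from fw1.example.net (fw1.example.net [198.51.100.7])
\tby gw.example.net (Postfix) with ESMTP id BBB222;
\tMon, 6 Mar 2006 21:00:02 -0800 (PST)
Received: from pc42 (unknown [192.168.0.42])
\tby fw1.example.net (Postfix) with SMTP id CCC333;
\tMon, 6 Mar 2006 21:00:01 -0800 (PST)
From: someone@example.net
Subject: constructed test

body
"""

# "from <helo> (<rdns> [<ip>]) by <receiver>" as written by Postfix-style MTAs.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Return (helo, client_ip, receiving_host) per Received header, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            out.append((m.group(1), ipaddress.ip_address(m.group(2)), m.group(3)))
    return out

def originating_client(raw, firewall_relays):
    """Newest hop stamped by one of our firewall relays with a NATed client IP.

    Headers below that hop were supplied by the sender and may be forged,
    so the search stops at the first (newest) match.
    """
    for helo, ip, receiver in hops(raw):
        if receiver in firewall_relays and ip in NAT_NET:
            return helo, str(ip)
    return None
```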


