ipfw configuration to intercept SMTP traffic

Bill Eccles Bill.lists at Eccles.net
Sun Oct 31 12:39:31 PST 2004


Gentleones,

I have a commercial website/mail product running on a box. Unfortunately,
the product is not so smart and when it needs to bounce something, it
ignores the SMTP "Always Relay Via" setting and attempts to connect directly
to the mail exchanger for the domain it's bouncing to.

So what I figure I can do is redirect port 25 of "me" to any to port 25 of
the upstream server at aa.bb.cc.dd. That makes sense, right? So I'd probably
use:

ipfw add 8000 divert 25 all from me to aa.bb.cc.dd via en0

(8000 is OK because the only other rule in there right now is the default at
65535.)

Well, that's what I tried and it looks like the SMTP server is still trying
(and failing) to contact the servers directly. A "telnet somehost.net 25"
executed on this box fails, too, where it should get me the upstream relay
server.

So have I goofed the rule? (Yes.)

OK, then how have I goofed it?

Thanks,
Bill



