Using IPFW to redirect all outgoing SMTP traffic to localhost
kieran at slinq.com
Thu Jun 22 11:52:50 UTC 2006
I have an IPFW question that I'm a bit stuck on and could do with some help. Basically what I'm trying to do is count and limit the number of e-mails each user on the system is allowed to send. I've got this working fine within the e-mail server and everything's dandy, except for the fact that it's easy to bypass the mail server by making direct SMTP connections to the target hosts.

What I need to be able to do is force all connections to any host on port 25 to be redirected to localhost. Ideally I'd just be able to forward all outgoing connections with dst port 25 to localhost. If this is not possible, I would be happy to simply firewall all outbound traffic with dst port

There is a caveat: I need port 25 redirection/blocking to occur for all users except those which I name (i.e., the mailserver and certain admin users). Of course, the mail server must be able to send e-mail to external hosts, and I'd like certain other users on the system to be able to do this as well.

To be honest I'm not really sure where to start writing an IPFW rule to do this - and pointers would be
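
One way to express the requirement in the post above, as an added example that is not part of the original message or any reply to it: a shell function that prints an ipfw rule set allowing outbound SMTP for named users and redirecting (or, as the fallback, denying) it for everyone else. The account names `mailnull` and `admin1`, the rule numbers, and a kernel with ipfw `fwd` support are assumptions.

```shell
#!/bin/sh
# Added example: emit ipfw(8) rules that let named users make outbound SMTP
# connections and send everyone else's to the local MTA.
# Assumptions (not from the post): the exempt account names, the starting
# rule number, and that the kernel has ipfw "fwd" support enabled.

# gen_smtp_rules MODE BASE USER...
#   MODE  fwd  -> redirect other users' port-25 connections to 127.0.0.1:25
#         deny -> fallback: block (and log) them instead
#   BASE  first rule number; one allow rule per exempt user, then the catch-all
gen_smtp_rules() {
    mode=$1; num=$2; shift 2
    case $mode in fwd|deny) ;; *) echo "mode must be fwd or deny" >&2; return 2 ;; esac
    case $num in ''|*[!0-9]*) echo "bad rule number: $num" >&2; return 2 ;; esac
    # With no exemptions the mail server's own deliveries would be caught too.
    [ "$#" -gt 0 ] || { echo "no exempt users given" >&2; return 2; }
    # Validate every name before printing anything, so a bad name cannot
    # leave a half-written rule set behind.
    for u in "$@"; do
        case $u in
            ''|*[!A-Za-z0-9_-]*) echo "refusing odd user name: $u" >&2; return 2 ;;
        esac
    done
    for u in "$@"; do
        # First match wins, so the per-user allows must precede the catch-all.
        echo "ipfw add $num allow tcp from me to any 25 out uid $u"
        num=$((num + 10))
    done
    # "not me" leaves local submission to this host's own port 25 untouched.
    if [ "$mode" = fwd ]; then
        echo "ipfw add $num fwd 127.0.0.1,25 tcp from me to not me 25 out"
    else
        echo "ipfw add $num deny log tcp from me to not me 25 out"
    fi
}

# Constructed sample: "mailnull" and "admin1" stand in for the exempt accounts.
gen_smtp_rules fwd 1000 mailnull admin1
```

The function only prints the commands, so the output can be reviewed before being placed in the firewall script.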