Using IPFW to redirect all outgoing SMTP traffic to localhost

Chuck Swiger cswiger at
Thu Jun 22 13:08:15 UTC 2006

Kieran Simkin wrote:
> I have an IPFW question that I'm a bit stuck on and
> could do with some help. Basically what I'm trying to do is count and
> limit the number of e-mails each user on the system is allowed to send.
> I've got this working fine within the e-mail server and everything's
> dandy, except for the fact that it's easy to bypass the mail server by
> making direct SMTP connections to the target hosts. 

Yes.  Use the firewall to do something like:

ipfw add pass tcp from any to MAILSERVER 25 keep-state
ipfw add pass tcp from MAILSERVER to any 25 keep-state
ipfw add unreach filter-prohib log tcp from any to any 25

(I suppose you could use a deny instead, but getting an actual ICMP error is 
probably more useful in this situation....)


More information about the freebsd-questions mailing list