Using IPFW to redirect all outgoing SMTP traffic to localhost

Chuck Swiger cswiger at mac.com
Thu Jun 22 13:08:15 UTC 2006


Kieran Simkin wrote:
> I have an IPFW question that I'm a bit stuck on and
> could do with some help. Basically what I'm trying to do is count and
> limit the number of e-mails each user on the system is allowed to send.
> I've got this working fine within the e-mail server and everything's
> dandy, except for the fact that it's easy to bypass the mail server by
> making direct SMTP connections to the target hosts. 

Yes.  Use the firewall to do something like:

ipfw add pass tcp from any to MAILSERVER 25 keep-state
ipfw add pass tcp from MAILSERVER to any 25 keep-state
ipfw add unreach filter-prohib log tcp from any to any 25

(I suppose you could use a deny instead, but getting an actual ICMP error is 
probably more useful in this situation....)

-- 
-Chuck
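An added example, not part of the original post: a small sh helper that emits the three rules from the reply with explicit rule numbers, plus a dry-run check of their first-match order before anything is loaded. The address 192.0.2.25, the base rule number 1000 and the function names are assumptions. The rules tell senders apart by source address, so this assumes the firewall runs on a gateway in front of the users' hosts.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the base rule
# number and all addresses are assumptions chosen for illustration.

is_ipv4() {
    # Accept only a dotted quad with every octet in 0-255.
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

smtp_egress_rules() {   # usage: smtp_egress_rules MAILSERVER_IP [BASE_RULE_NUMBER]
    ms=$1; base=${2:-1000}
    is_ipv4 "$ms" || { echo "invalid mail server address: $ms" >&2; return 1; }
    # ipfw evaluates rules in ascending number and stops at the first match,
    # so both pass rules must be numbered below the unreach rule.
    echo "ipfw -q add $base pass tcp from any to $ms 25 keep-state"
    echo "ipfw -q add $((base + 10)) pass tcp from $ms to any 25 keep-state"
    echo "ipfw -q add $((base + 20)) unreach filter-prohib log tcp from any to any 25"
}

smtp_verdict() {        # usage: smtp_verdict MAILSERVER_IP SRC_IP DST_IP
    # Simplified first-match model for a new TCP connection to port 25.
    # It ignores dynamic state and any other rules already loaded.
    smtp_egress_rules "$1" | awk -v s="$2" -v d="$3" '
        { for (i = 1; i <= NF; i++) {
              if ($i == "from") src = $(i + 1)
              if ($i == "to")   dst = $(i + 1)
          }
          if ((src == "any" || src == s) && (dst == "any" || dst == d)) {
              print $5      # action keyword of the first matching rule
              exit
          }
        }'
}

# Constructed sample addresses (documentation ranges):
#   smtp_verdict 192.0.2.25 198.51.100.7 203.0.113.9   user host, direct SMTP out
#   smtp_verdict 192.0.2.25 198.51.100.7 192.0.2.25    user host to the mail server
#   smtp_verdict 192.0.2.25 192.0.2.25   203.0.113.9   mail server delivering mail
#
# To load the rules on the gateway:  smtp_egress_rules 192.0.2.25 | sh
# To see per-rule hit counters afterwards:  ipfw show
```

Hits on the `log` rule only reach syslog when the `net.inet.ip.fw.verbose` sysctl is set to 1.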


