drop all out going SMTP connection bar two

drop all out going SMTP connection bar two

[Simon Loewen]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



Hi,

I would like to drop all out going SMTP connections through our router
except smtp1.internal and smtp2.internal on all of the outbound
interfaces.  I would like to filter on the destination port 25.

Would this be easy to do?

Thanks for any advise,
S.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFEz9rCkcP1ZXUvpGURCrZ7AJ4haVmH4Hypjq6LjgBFRNFav6EQ1QCgkMkk
m4I4NLc3u12NXg2cOwdrCxE=
=kQ8+
-----END PGP SIGNATURE-----

Re: drop all out going SMTP connection bar two

[Gáspár Lajos]

Simon Loewen :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
>
>
> Hi,
>
> I would like to drop all out going SMTP connections through our router
> except smtp1.internal and smtp2.internal on all of the outbound
> interfaces.  I would like to filter on the destination port 25.
>
> Would this be easy to do?
>
> Thanks for any advise,
> S.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.4 (GNU/Linux)
>
> iD8DBQFEz9rCkcP1ZXUvpGURCrZ7AJ4haVmH4Hypjq6LjgBFRNFav6EQ1QCgkMkk
> m4I4NLc3u12NXg2cOwdrCxE=
> =kQ8+
> -----END PGP SIGNATURE-----
>
Try this:

iptables -t filter -A FORWARD -j ACCEPT -p tcp -d ip.of.smtp1 --dport 25
iptables -t filter -A FORWARD -j ACCEPT -p tcp -d ip.of.smtp2 --dport 25
iptables -t filter -A FORWARD -j DROP -p tcp --dport 25

In our network I have redirected all smtp traffic to our internal SMTP 
server and then allowed that server to send e-mails... :)