Peter Peltonen wrote:
I have a qmailtoaster in a quite big LAN. One of the computers in the
LAN is sending spam. How do I find out which host is to blame?
And would someone have an iptables rule that would prevent this (the
server is acting as a NAT gateway as well)? The hosts in the LAN
should be allowed to contact only the ISP's SMTP server. From the
qmailtoaster only email generated from the server itself (for example
from Squirrelmail it is running) should be allowed to be sent further.
Best,
Peter
Hey Peter,
There are likely to be several ways you could construct rules for
iptables that would remedy your situation. In a nutshell, it sounds like
you want to disallow port 25 traffic from the LAN to the outside world,
and log any attempts that do so you can identify the offending host.
Conceptually, you'd say "if the input interface is the lan, and the out
interface is the wan, and the destination port is 25, then log and
reject it". I think the iptables rule(s) would look like this:
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 25 -j LOG
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 25 -j DROP
Be sure to substitute the appropriate device names for eth0 and eth1. In
this example, eth0 would be the lan and eth1 the wan.
I'm not an iptables expert, but I'm reasonably sure this will do what
you're looking for. Please post back your results.
--
-Eric 'shubes'
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
