Date: Mon, 6 Mar 2006 21:08:37 -0800 (PST) From: "Freddie Cash" <fcash@ocis.net> To: hackers@freebsd.org Subject: Re: Spam from NAT boxes Message-ID: <61642.24.71.118.34.1141708117.squirrel@webmail.sd73.bc.ca> In-Reply-To: <440CC2F0.4060703@elischer.org> References: <009601c6411b$0d455d90$0e4fdfc8@ironman> <440CC2F0.4060703@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, March 6, 2006 3:17 pm, Julian Elischer wrote: > Cesar wrote: >> I have some NAT boxes running FreeBSD, each of these boxes do NAT >> for like 100+ people. Almost everyday my IPs got blacklisted because >> of spam. I cant block the smtp traffic going out became some people >> need it to send true e-mails. Are there any tool to detect/block >> those spams? >> I tought in a program that receive the connection >> diverted/forwarded by ipfw and then deliver it to SpamAssassin ... >> I also have an e-mail server fully configurated with anti-spam, >> anti-virus ... I tried forward to this e-mail server all my NAT box >> tcp connections to port 25. >> ipfw add fwd xx.xx.xx.xx,25 tcp from 192.168.0.0/24 to any 25 >> I got some matches in this rule when I try to send an email, but I >> didnt get redirected to my email server. Install an SMTP server on the firewall. Configure it to listen to 127.0.0.1:25 only. Configure it to relay all messages it receives to the SMTP server that runs virus/spam filters. Then add the fwd rule to forward all outgoing messages to the local SMTP server. This is the setup we use. We have a central mail/virus SMTP gateway that handles all incoming and outgoing spam/virus filtering. All outgoing port 25 traffic at the NAT'd sites is redirected to an SMTP server on the firewall, then redirected to the mail gateway for scanning, then out to the Internet. Works like a charm. The other nice thing about this setup is that you can trace the received from: headers all the way back to the originating computer if there are problems. ---- Freddie Cash fcash@ocis.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?61642.24.71.118.34.1141708117.squirrel>