From: "Freddie Cash"
Reply-To: fcash@ocis.net
To: hackers@freebsd.org
Date: Mon, 6 Mar 2006 21:08:37 -0800 (PST)
Subject: Re: Spam from NAT boxes

On Mon, March 6, 2006 3:17 pm, Julian Elischer wrote:
> Cesar wrote:
>> I have some NAT boxes running FreeBSD; each of these boxes does NAT
>> for like 100+ people. Almost every day my IPs get blacklisted because
>> of spam. I can't block the SMTP traffic going out because some people
>> need it to send true e-mails. Is there any tool to detect/block
>> those spams?
>> I thought of a program that receives the connection
>> diverted/forwarded by ipfw and then delivers it to SpamAssassin ...
>> I also have an e-mail server fully configured with anti-spam,
>> anti-virus ... I tried forwarding to this e-mail server all my NAT box
>> TCP connections to port 25.
>> ipfw add fwd xx.xx.xx.xx,25 tcp from 192.168.0.0/24 to any 25
>> I got some matches in this rule when I try to send an email, but I
>> didn't get redirected to my email server.

Install an SMTP server on the firewall. Configure it to listen to
127.0.0.1:25 only. Configure it to relay all messages it receives to
the SMTP server that runs virus/spam filters. Then add the fwd rule to
forward all outgoing messages to the local SMTP server.

This is the setup we use. We have a central mail/virus SMTP gateway
that handles all incoming and outgoing spam/virus filtering. All
outgoing port 25 traffic at the NAT'd sites is redirected to an SMTP
server on the firewall, then redirected to the mail gateway for
scanning, then out to the Internet. Works like a charm.

The other nice thing about this setup is that you can trace the
received from: headers all the way back to the originating computer if
there are problems.

----
Freddie Cash
fcash@ocis.net
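
The header tracing mentioned at the end of the message, as an added example that is not part of the original post: it walks the Received headers from newest to oldest and reports the client recorded by one of your own relays, so sender-forged headers further down are never consulted. Host names, addresses, the relay sets and the Postfix-style header layout are assumptions made for the illustration.

```python
import email
import ipaddress
import re

# Constructed sample: a message from a NAT'd client after it passed the
# firewall MTA and the filtering gateway. The oldest header is a forgery
# supplied by the sender. All names and addresses are made up.
SAMPLE = """\
Received: from mailgw.example.org (mailgw.example.org [192.0.2.10])
    by mx.example.net (Postfix) with ESMTP id AAA111; Mon, 6 Mar 2006 21:12:30 -0800
Received: from fw-site3.example.org (fw-site3.example.org [192.0.2.33])
    by mailgw.example.org (Postfix) with ESMTP id BBB222; Mon, 6 Mar 2006 21:12:24 -0800
Received: from pc42 (unknown [192.168.0.42])
    by fw-site3.example.org (Postfix) with SMTP id CCC333; Mon, 6 Mar 2006 21:12:18 -0800
Received: from mail.bank.example (mail.bank.example [203.0.113.7])
    by fw-site3.example.org (Postfix) with SMTP id DDD444; Sun, 5 Mar 2006 10:00:00 -0800
From: alice@example.org
Subject: test

body
"""

# Assumed inventory of our own MTAs: names they write after "by", and the
# addresses they connect from when relaying to each other.
OUR_HOSTS = {"fw-site3.example.org", "mailgw.example.org"}
OUR_IPS = {ipaddress.ip_address("192.0.2.33"), ipaddress.ip_address("127.0.0.1")}

HOP = re.compile(
    r"from\s+(\S+)\s+\((?:\S+\s+)?\[(?:IPv6:)?([0-9a-fA-F.:]+)\]\).*?\bby\s+(\S+)", re.S)

def hops(raw):
    """Parse Received headers, newest first, into (helo, client_ip, by_host)."""
    msg = email.message_from_string(raw)
    found = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m:
            found.append((m.group(1), ipaddress.ip_address(m.group(2)), m.group(3)))
    return found

def originating_client(raw, our_hosts=OUR_HOSTS, our_ips=OUR_IPS):
    """First header, newest to oldest, written by one of our relays about a
    client that is not itself one of our relays. Older headers are ignored."""
    for helo, ip, by in hops(raw):
        if by in our_hosts and ip not in our_ips:
            return helo, str(ip), by
    return None
```
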