From owner-freebsd-security@FreeBSD.ORG  Tue May 11 21:27:08 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8300916A4CE
	for <freebsd-security@freebsd.org>;
	Tue, 11 May 2004 21:27:08 -0700 (PDT)
Received: from gw.visp.com.au (gw.visp.com.au [202.6.158.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BC91043D1D
	for <freebsd-security@freebsd.org>;
	Tue, 11 May 2004 21:27:07 -0700 (PDT)
	(envelope-from tim@spyderweb.com.au)
Received: from bofh.spyderweb.com.au (202-6-150-37.ip.visp.com.au
	[202.6.150.37] (may be forged))
	by gw.visp.com.au (8.12.8p2/8.12.8) with ESMTP id i4C4RBkH027147
	for <freebsd-security@freebsd.org>;
	Wed, 12 May 2004 13:57:11 +0930 (CST)
	(envelope-from tim@spyderweb.com.au)
Received: from spyderweb.com.au (localhost [127.0.0.1])i4C4R8ic084388
	for <freebsd-security@freebsd.org>;
	Wed, 12 May 2004 13:57:08 +0930 (CST)
	(envelope-from tim@spyderweb.com.au)
Date: Wed, 12 May 2004 13:57:08 +0930
From: Tim Aslat <tim@spyderweb.com.au>
To: freebsd-security@freebsd.org
Message-Id: <20040512135708.219d1a5e@bofh.spyderweb.com.au>
In-Reply-To: <20040512115607.23ac80ea@bofh.spyderweb.com.au>
References: <20040512115607.23ac80ea@bofh.spyderweb.com.au>
Organization: Spyderweb Consulting
X-Mailer: Sylpheed version 0.9.10claws (GTK+ 1.2.10;
	i386-portbld-freebsd5.2.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: quick FW question [SOLVED]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 May 2004 04:27:08 -0000

Problem solved.

Here's the answer (for the archives)

# block all SMTP traffic from inside to out while letting the server
# through
ipfw add allow tcp from any to me 25
ipfw add allow tcp from me to any 25
ipfw add deny tcp from any to any dst-port 25

This prevents any host within the network from sending directly to an
SMTP server outside the network.

Thanks to "D J Hawkey Jr <hawkeyd@visi.com>" for helping me out with
this.

Cheers

Tim

-- 
Tim Aslat <tim@spyderweb.com.au>
Spyderweb Consulting
http://www.spyderweb.com.au
Phone: +61 0401088479