From: Bill Moran <wmoran@collaborativefusion.com>
To: Chuck Swiger
Cc: freebsd-questions@freebsd.org, Bart Silverstrim
Date: Tue, 12 Sep 2006 16:34:02 -0400
Subject: Re: forwarding as a gateway, logging certain traffic
Message-Id: <20060912163402.fe6d7325.wmoran@collaborativefusion.com>

In response to Chuck Swiger:

> On Sep 12, 2006, at 1:08 PM, Bill Moran wrote:
>
>>> Is there some way to get the FreeBSD system to log machines using
>>> port 25 without interfering with the FreeBSD machine's filtering of
>>> email function? Or at least make the traffic visible to sniffing
>>> with tcpdump or wireshark or ethereal?
>>
>> Off the top of my head ...
>>
>> ipfw add 25 log tcp from any to any 25
>>
>> should work. There are certain kernel configs you have to have in
>> place for logging to work, though.
>
> Better to use something like:
>
> ipfw add 1 log tcp from any to me 25 setup

Yeah, that would be more concise.

As a more permanent solution, why not set up ipfw on the FreeBSD machine
to refuse to allow this to happen ever?

ipfw add 5 allow tcp from any to me 25 setup
ipfw add 6 allow tcp from me to any 25 setup
ipfw add 7 drop tcp from any to any 25 setup

I don't remember the rest of the ruleset, but if you have an "established"
rule, this should force all SMTP to use this machine as a relay, although
you may need to tweak the rules to get them working right around nat.

-- 
Bill Moran
Collaborative Fusion Inc.
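To show how the three SMTP rules above interact with an "established" rule under ipfw's first-match semantics, here is an added example (not from this thread, and not ipfw itself): a small Python model of ipfw's "setup" and "established" matching, run over constructed packets. It assumes 192.0.2.1 as the gateway's own address (ipfw's "me") and 10.0.0.5 / 198.51.100.9 as a LAN host and an external mail server; rules for non-SMTP traffic are omitted.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed example: the gateway's own address stands in for ipfw's "me".
GATEWAY_IP = "192.0.2.1"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: frozenset = frozenset()   # subset of {"SYN", "ACK", "RST"}

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                      # "allow" or "deny" (ipfw's "drop")
    src: str                         # "any", "me" or a literal address
    dst: str
    dport: Optional[int] = None      # None means any destination port
    setup: bool = False              # ipfw 'setup': SYN set, ACK clear
    established: bool = False        # ipfw 'established': ACK or RST set

def addr_matches(pattern: str, addr: str) -> bool:
    if pattern == "any":
        return True
    if pattern == "me":
        return addr == GATEWAY_IP
    return pattern == addr

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if not (addr_matches(rule.src, pkt.src) and addr_matches(rule.dst, pkt.dst)):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.setup and not ("SYN" in pkt.flags and "ACK" not in pkt.flags):
        return False
    if rule.established and not (pkt.flags & {"ACK", "RST"}):
        return False
    return True

def evaluate(rules, pkt: Packet):
    """First matching rule wins, as in ipfw; 65535 is the default deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, pkt):
            return rule.number, rule.action
    return 65535, "deny"

# The SMTP rules from the message plus a generic 'established' rule.
SMTP_RULESET = [
    Rule(5, "allow", "any", "me", 25, setup=True),
    Rule(6, "allow", "me", "any", 25, setup=True),
    Rule(7, "deny", "any", "any", 25, setup=True),
    Rule(100, "allow", "any", "any", established=True),
]
```

A LAN host opening port 25 directly to an outside server hits rule 7, while the same host connecting to the gateway's port 25, the gateway relaying outbound, and the replies of established sessions are all allowed.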