From owner-freebsd-questions@FreeBSD.ORG Thu Jun 22 11:52:50 2006
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 42E6E16A474
	for ; Thu, 22 Jun 2006 11:52:50 +0000 (UTC)
	(envelope-from kieran@slinq.com)
Received: from muon.digital-crocus.com (muon.digital-crocus.com [208.101.15.162])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5D9A243DC0
	for ; Thu, 22 Jun 2006 11:52:41 +0000 (GMT)
	(envelope-from kieran@slinq.com)
Received: from localhost ([127.0.0.1] helo=mail.digital-crocus.com)
	by muon.digital-crocus.com with esmtp (Exim 4.62 (FreeBSD))
	(envelope-from ) id 1FtNjj-000KzF-6Q
	for freebsd-questions@freebsd.org; Thu, 22 Jun 2006 12:52:41 +0100
Received: from 80.42.67.159 (SquirrelMail authenticated user kieran)
	by mail.digital-crocus.com with HTTP;
	Thu, 22 Jun 2006 11:52:39 -0000 (UTC)
Message-ID: <1332.80.42.67.159.1150977159.squirrel@mail.digital-crocus.com>
Date: Thu, 22 Jun 2006 11:52:39 -0000 (UTC)
From: "Kieran Simkin"
To: freebsd-questions@freebsd.org
User-Agent: SquirrelMail/1.4.6
MIME-Version: 1.0
X-Priority: 3 (Normal)
Importance: Normal
X-Spam-Score: -3.9
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Using IPFW to redirect all outgoing SMTP traffic to localhost
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: kieran@slinq.com
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 22 Jun 2006 11:52:50 -0000

Hi Guys,

I have an IPFW question that I'm a bit stuck on and could do with some help.

Basically what I'm trying to do is count and limit the number of e-mails each user on the system is allowed to send.
I've got this working fine within the e-mail server and everything's dandy, except for the fact that it's easy to bypass the mail server by making direct SMTP connections to the target hosts. What I need to be able to do is force all connections to any host on port 25 to be redirected to localhost. Ideally I'd just be able to forward all outgoing connections with dst port 25 to localhost. If this is not possible, I would be happy to simply firewall all outbound traffic with dst port 25.

There is a caveat: I need port 25 redirection/blocking to occur for all users except those which I name (i.e., the mailserver and certain admin users). Of course, the mail server must be able to send e-mail to external hosts, and I'd like certain other users on the system to be able to do this as well.

To be honest I'm not really sure where to start writing an IPFW rule to do this - and pointers would be greatly appreciated.

Best regards,

~Kieran Simkin
Digital Crocus
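
The setup asked about above, as an added example that is not part of the original post: a small script that prints ipfw rules exempting named accounts by `uid` and then either redirecting (`fwd`) or resetting every other outbound connection to port 25. The function name, the rule numbers and the account names `mailnull` and `root` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print ipfw rules that confine outbound SMTP to named accounts.
# Assumed: rule numbers from 1000 up are free; account names are placeholders;
# "fwd" needs ipfw forwarding in the kernel (IPFIREWALL_FORWARD on older FreeBSD).

# smtp_egress_rules MODE USER...
#   MODE fwd   -> everyone else is redirected to the MTA on 127.0.0.1:25
#   MODE block -> everyone else gets a TCP reset
smtp_egress_rules() {
    mode=$1; shift
    case $mode in
        fwd)   action="fwd 127.0.0.1,25" ;;
        block) action="reset" ;;
        *)     echo "unknown mode: $mode" >&2; return 1 ;;
    esac
    # Validate every name before printing anything: a partial ruleset piped to
    # sh would be missing rules, and a name with shell metacharacters would
    # be executed.
    for u in "$@"; do
        case $u in
            ''|*[!A-Za-z0-9._-]*) echo "bad account name: $u" >&2; return 1 ;;
        esac
    done
    n=1000
    # Exempt accounts first: ipfw stops at the first matching rule.
    for u in "$@"; do
        echo "ipfw add $n allow tcp from me to any 25 out uid $u"
        n=$((n + 10))
    done
    # Catch-all for every other local socket. "not me" leaves connections to
    # the local MTA itself alone.
    echo "ipfw add $n $action tcp from me to not me 25 out"
}

# Dry run: print the rules for review; pipe the output to sh as root to load them.
smtp_egress_rules fwd mailnull root
```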