Date: Wed, 12 May 2004 13:11:10 +0930 From: Tim Aslat <tim@spyderweb.com.au> To: freebsd security list <freebsd-security@freebsd.org> Subject: Re: quick FW question Message-ID: <20040512131110.65e9ab02@bofh.spyderweb.com.au> In-Reply-To: <20040512030648.GA2102@sheol.localdomain> References: <20040512115607.23ac80ea@bofh.spyderweb.com.au> <20040512030648.GA2102@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
In the immortal words of D J Hawkey Jr <hawkeyd@visi.com>... > Set up the mail server as the hub for your internal network, and have > the workstations forward mail to it. If you're running sendmail on the > workstations, put this in their .mc file: > define(`SMART_HOST', `smtp:mailhub.privatedomain') > And rebuild their sendmail.cf (I use the same .mc file for all U**X > boxen on my network, except for the mail hub). Basically, just point > all internal boxen's mailers to the hub. I'm using Exim, and I already have this part working (smart host) > My mail hub, in turn, defines SMART_HOST to be my ISP's mail cluster, > and I define MASQUERADE_AS to be my ISP's domain (I use the feature > masquerade_envelope, too). You might not be able to do this, of > course, it'll depend on your connectivity. Not really required for this particular setup. > You'll need an MX record set up for the mail hub in your DNS. Got one :) > Given the above approach, the only thing I have in my firewall for > SMTP is a rule for stateful outbound on ports 25 and 995 (I use SSL- > enabled POP3 to download incoming mail from my ISP's mail cluster). Hmmm, that doesn't really solve my problem, but it's useful to have in the archives anyhow. What I want to do is grab any outgoing packets bound for a port 25 and redirect them back to the local mailserver which has spam/virus filtering. This should eliminate problems of viruses/trojans which use their own internal smtp servers to propogate themselves, coming from this network. The reason for this approach is the domain in question being RBL'd a couple of days ago after one of the machines in this network had a virus(actually a couple of thousand of various types). Cheers Tim -- Tim Aslat <tim@spyderweb.com.au> Spyderweb Consulting http://www.spyderweb.com.au Phone: +61 0401088479
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040512131110.65e9ab02>