This is a discussion on Unable to block port 25 for all hosts except email server. - Security
Can someone help me with this issue? I'm trying to block all outgoing
traffic over port 25, except from my company's Exchange server.
Unfortunately everything I try either does nothing or blocks port 25
for everything, including the Exchange server.
The internal interface is eth0, eth1 is external.
INTERNALNET1=172.16.0.0/12
INTERNALNET2=172.17.0.0/12
INTERNALNET3=10.2.0.0/16
INTERNALNET4=10.3.0.0/16
REMOTENET is defined as 0/0
-------------
Here is the code that I'm trying to run...
BLOCKSMTP=YES
EXCHHOST=172.16.25.20
Attempt #1
----------
# Block SMTP for all but Exchange Server
if [ "$BLOCKSMTP" = "YES" ]; then
echo "Blocking SMTP for all devices except the Exchange server..."
$IPCHAINS -A output -p tcp -s ! $EXCHHOST -d $REMOTENET 25 -l -i eth1 -j DENY
fi
Attempt #2
----------
# Block SMTP for all but Exchange Server
if [ "$BLOCKSMTP" = "YES" ]; then
echo "Blocking SMTP for all devices except the Exchange server..."
$IPCHAINS -A output -p tcp -s $INTERNALNET1 -d $REMOTENET 25 -l -i eth1 -j DENY
$IPCHAINS -A output -p tcp -s $INTERNALNET2 -d $REMOTENET 25 -l -i eth1 -j DENY
$IPCHAINS -A output -p tcp -s $INTERNALNET3 -d $REMOTENET 25 -l -i eth1 -j DENY
$IPCHAINS -A output -p tcp -s $INTERNALNET4 -d $REMOTENET 25 -l -i eth1 -j DENY
$IPCHAINS -A output -p tcp -s $EXCHHOST -d $REMOTENET 25 -l -i eth1 -j ACCEPT
fi
Attempt #3
----------
# Block SMTP for all but Exchange Server
if [ "$BLOCKSMTP" = "YES" ]; then
echo "Blocking SMTP for all devices except the Exchange server..."
$IPCHAINS -A output -p tcp -d $REMOTENET 25 -l -j DENY
$IPCHAINS -A output -p tcp -s $EXCHHOST -d $REMOTENET 25 -l -j ACCEPT
fi
I have tried all of the above options with and without the "-i eth1"
with no luck. I have also removed variables and replaced them with
actual networks and IPs.
Attempt 1 (with or without "-i eth1"): all machines are blocked from
port 25 outgoing, including the Exchange server.
Attempt 2 (with or without "-i eth1"): nothing is blocked. I even
tried removing the last line of it "$IPCHAINS -A output -p tcp -s
$EXCHHOST -d $REMOTENET 25 -l -j ACCEPT" and still it allows me to
connect over port 25 to external hosts on any machine in the building.
Attempt 3 (with or without "-i eth1"): all machines are blocked from
port 25 outgoing, including the Exchange server.
Any help would be greatly appreciated.
- Chris
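The following is an added example, not code from the post above: a small first-match simulator for the ipchains output chain that reproduces why Attempt #3 blocks the Exchange server (the DENY is appended before the ACCEPT, so the ACCEPT is never reached) and checks the reordered chain and the negated-source form of Attempt #1. The workstation address, the firewall's external address and the reordered chain are assumptions for illustration; the masqueraded-source case models what the output chain sees when masquerading has already rewritten the source.

```python
"""First-match simulator for the ipchains output chain rules in the post.

Added example, not from the original post. ipchains walks a chain top to
bottom and the first matching rule decides, so a DENY placed before an
ACCEPT makes that ACCEPT unreachable (Attempt #3).
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

EXCHHOST = "172.16.25.20"      # from the post
OTHERHOST = "10.2.0.7"         # constructed sample workstation in INTERNALNET3
FIREWALL_EXT = "203.0.113.5"   # constructed external address of the firewall

@dataclass
class Rule:
    src: str                  # source network in CIDR form, "0/0" for any
    dport: Optional[int]      # destination port, None for any
    target: str               # "ACCEPT" or "DENY"
    negate_src: bool = False  # the ipchains "-s ! addr" form

def matches(rule: Rule, src_ip: str, dport: int) -> bool:
    net = ipaddress.ip_network("0.0.0.0/0" if rule.src == "0/0" else rule.src, strict=False)
    in_net = ipaddress.ip_address(src_ip) in net
    if rule.negate_src:
        in_net = not in_net
    return in_net and (rule.dport is None or rule.dport == dport)

def verdict(chain, src_ip: str, dport: int, policy: str = "ACCEPT") -> str:
    """Return the target of the first matching rule, or the chain policy."""
    for rule in chain:
        if matches(rule, src_ip, dport):
            return rule.target
    return policy

# Attempt #3 exactly as posted: DENY everything to port 25, then ACCEPT Exchange.
ATTEMPT3 = [Rule("0/0", 25, "DENY"), Rule(EXCHHOST + "/32", 25, "ACCEPT")]
# Same two rules with the ACCEPT first (assumed fix: order decides under first-match).
REORDERED = [Rule(EXCHHOST + "/32", 25, "ACCEPT"), Rule("0/0", 25, "DENY")]
# Attempt #1's single negated-source rule, equivalent when the real source is visible.
NEGATED = [Rule(EXCHHOST + "/32", 25, "DENY", negate_src=True)]

def smtp_verdicts(chain) -> dict:
    """Verdict for an outbound SMTP connection from each sample host."""
    return {h: verdict(chain, h, 25) for h in (EXCHHOST, OTHERHOST)}

if __name__ == "__main__":
    for name, chain in (("attempt3", ATTEMPT3), ("reordered", REORDERED), ("negated", NEGATED)):
        print(name, smtp_verdicts(chain))
    # If masquerading rewrote the source before the output chain, every host looks
    # like the firewall and even the reordered chain denies the Exchange server.
    print("masqueraded", verdict(REORDERED, FIREWALL_EXT, 25))
```

The masqueraded case is why a per-host exception is better matched where the original internal source address is still visible, such as the forward chain or the input chain on eth0.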