Link to home
Start Free TrialLog in
Avatar of Rabeyc
Rabeyc

asked on

What are the Linux firewall rules for only email data and is there a way for Linux to control <br><br><br>unsolicited mail?


MY LINUX SERVER IS AN INTERMEDIARY BETWEEN THE INTERNET AND MY INTERNAL NETWORK.  IT USES A NIC TO CONNECT TO THE INTERNET AND A SECOND NIC TO CONNECT TO THE INTERNAL NETWORK.  INBOUND MAIL COMES IN FROM THE INTERNET TO THE LINUX SERVER WHICH IS THE DEFINED EMAIL SERVER ON THE INTERNIC.  THE LINUX SERVER THEN ROUTES ALL MAIL WITH THE DOMAIN ADDRESS TO THE INTERNAL NETWORK TO A WINNT SERVER WHICH HAS MS EXCANGE SERVER 5.5.  
OUTBOUND MAIL IS RECEIVED BY THE INTERNAL EXCHANGE SERVER AND ROUTED TO THE LINUX SERVER WHICH SENDS IT OUT TO THE INTERNET.
ALL THE ABOVE WORKS WELL EXCEPT WHEN I ENABLE THE IPCHAINS RULES AS DESCRIBED BELOW NO MAIL IS TRANSFERRED IN EITHER DIRECTIONS.
IT SEEMS THAT THE RULES NEED TO CHANGE FOR THE SCENARIO DESCRIBED ABOVE.  I HAVE TRIED MANY COMBINATIONS OF RULES TO CONFIGURE IT TO ACCEPT ONLY MAIL AND TO BLOCK ALL OTHER SERVICES BUT THE MAIL IS STILL ONLY QUEUED AND NOT SENT.

THANKS





With the ipchains firewall rules mail is not being relayed in any direction.  If all my outbound mail is routed to my Linux server from one internal server shouldn't this be factored in the firewall rules?

The iptables options did not work maybe I don't have it enabled.

The ipchains options worked.  I then enabled IP forwarding.
Subsequently I could not browse on the Internet or even ping the server which is fine!  However, I rebooted and then I could browse again from the server.  Does rebooting reset the ipchain settings? If so, do I need to reapply the commands?

Thanks
rabeyc



This Linux server is intended only to route mail (pass thru).  However, I would like to configure the Linux firewall to block all other types of connections and data and would like to know where and how to configure Linux to achieve that.

Thanks
rabeyc
Avatar of ahoffmann
ahoffmann
Flag of Germany image
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A FORWARD -p tcp -d your-mailserver --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -s your-mailserver --dport 25 -j ACCEPT

> .. control or stop unsolicited mail ..
what exactly is unsolicited mail in your terms?
ASKER CERTIFIED SOLUTION
Avatar of zdpl0a
zdpl0a
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of kiranghag
kiranghag
rebooting does remove the rules ( this had won me a prize in an networking contest)
two questions to solve, on on linux, other windows.
i could do the linux first rebooted to windows, solved it. later when back to linux, i could solve the linux one also....:)))) )
Avatar of hnminh
hnminh
Flag of Australia image
Dealing with junk mail is a different story from these firewall rules, depending on your current email server software. Let people know the software if you still want to go on with this issue...
Avatar of Rabeyc
Rabeyc

ASKER

The answer did not quite resolve the problem. Actually I stopped getting mail inbound and outbound and had to disable the ipchains by rebooting.
Avatar of Rabeyc
Rabeyc

ASKER

The answer did not quite resolve the problem. Actually I stopped getting mail inbound and outbound and had to disable the ipchains by rebooting.