• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 454
  • Last Modified:

Linux Sendmail Outgoing mail problem

Hi all experts :o)

I have a setup that is the following:
Linux in Bridge mode with sendmail and snort


Eth0+eth1=no ipaddress
eth2= and is running sendmail
local mailserver is

So when i receive email from internet my router points the mail to port 25 of the eth2 it is being scanned by clam and sendmail is configured to forward to local mail server on

The problem is how do i do it from local lan and out?
I need some way to force all port 25 traffic to eth2 ?
  • 2
  • 2
1 Solution
you can use iptables DNAT to redirect the traffic

Have a look at this previous qustion

benjshAuthor Commented:
Ok I tried
Rotuer----Eth0(no ip)---Snortinline box-eth1(no ip)---LocalLan-Mailserver
eth2 has and the mail server has
running in bridge mode:

ifconfig eth0 down
ifconfig eth1 down
brctl addbr br0
brctl stp br0 off
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig br0 up
ifconfig eth0 up
ifconfig eth1 up
ifconfig eth2 netmask up
modprobe ip_queue
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 25 -j DNAT --to-destination
iptables -A FORWARD -j QUEUE

this seems to work for local users when they telnet mail.somesite.com 25 they get the local mail server but people from the internet that telnet mail.myserver.com 25 simple dont get any connection at all.

Do you see the setup?
Im not so sure becuase Im not an expert on network bridging you could try and replace the -i br0 with two iptables lines for each real interface eth0 eth1
benjshAuthor Commented:
I tried to replace it and the problem is that:
when i put eth2 in the local lan
it works from inside and out but not internet and in
and if i put eth2 in the dsl router it works from internet and in but not from local lan and out

So is there a way so the same cable can see both internal and external network places so it would work?
Hi :-)

The target you should use is REDIRECT rather than DNAT

/sbin/iptables -t nat -I PREROUTING -i br0 -s -p tcp --dport 25 -j REDIRECT --to-port 25

Or maybe

/sbin/iptables -t nat -I PREROUTING -i eth0 -s -p tcp --dport 25 -j REDIRECT --to-port 25

In order to issue something like -i eth0, you need ebtables (see http://ebtables.sf.net). EBTables, is included on the mainstream 2.6 kernel but needed to be patched to a 2.4 kernel.


Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now