Linux Sendmail Outgoing mail problem

Posted on 2004-11-16
Last Modified: 2008-03-10
Hi all experts :o)

I have a setup that is the following:
Linux in Bridge mode with sendmail and snort


Eth0+eth1=no ipaddress
eth2= and is running sendmail
local mailserver is

So when I receive email from the internet, my router points the mail to port 25 of eth2; it is scanned by clam, and sendmail is configured to forward to the local mail server on

The problem is: how do I do it from the local LAN and out?
I need some way to force all port 25 traffic to eth2?
Question by:benjsh
    LVL 5

    Expert Comment

    You can use iptables DNAT to redirect the traffic.

    Have a look at this previous question

    Author Comment

    Ok I tried
    Router----Eth0(no ip)---Snortinline box-eth1(no ip)---LocalLan-Mailserver
    eth2 has and the mail server has
    running in bridge mode:

    ifconfig eth0 down
    ifconfig eth1 down
    brctl addbr br0
    brctl stp br0 off
    brctl addif br0 eth0
    brctl addif br0 eth1
    ifconfig br0 up
    ifconfig eth0 up
    ifconfig eth1 up
    ifconfig eth2 netmask up
    modprobe ip_queue
    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 25 -j DNAT --to-destination
    iptables -A FORWARD -j QUEUE

    This seems to work for local users: when they telnet 25 they get the local mail server, but people from the internet that telnet 25 simply don't get any connection at all.

    Do you see the setup?
    LVL 5

    Expert Comment

    I'm not so sure, because I'm not an expert on network bridging. You could try to replace the -i br0 with two iptables lines, one for each real interface (eth0, eth1).

    Author Comment

    I tried to replace it and the problem is that:
    when I put eth2 in the local LAN
    it works from inside and out but not internet and in,
    and if I put eth2 in the DSL router it works from internet and in but not from local LAN and out.

    So is there a way so the same cable can see both internal and external network places so it would work?
    LVL 9

    Accepted Solution

    Hi :-)

    The target you should use is REDIRECT rather than DNAT

    /sbin/iptables -t nat -I PREROUTING -i br0 -s -p tcp --dport 25 -j REDIRECT --to-port 25

    Or maybe

    /sbin/iptables -t nat -I PREROUTING -i eth0 -s -p tcp --dport 25 -j REDIRECT --to-port 25

    In order to issue something like -i eth0, you need ebtables (see EBTables); it is included in the mainstream 2.6 kernel but needs to be patched into a 2.4 kernel.
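An added example, not part of the original thread: a preflight check for the REDIRECT approach on a filtering bridge. REDIRECT rewrites the destination to the primary address of the incoming interface, and iptables only sees bridged frames when bridge-nf-call-iptables is 1, so the script checks both before printing the rule. The interface name and the 192.0.2.0/24 network in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: checks to run before relying on a REDIRECT rule on a bridge.
# Nothing is applied; the rule is only printed for review.

# Sysctl that makes bridged IPv4 frames traverse iptables (overridable for tests).
BRIDGE_NF="${BRIDGE_NF:-/proc/sys/net/bridge/bridge-nf-call-iptables}"

bridge_nf_enabled() {
    [ -r "$BRIDGE_NF" ] && [ "$(cat "$BRIDGE_NF")" = "1" ]
}

# Reads `ip -4 -o addr show dev IFACE` output on stdin and prints the first
# IPv4 address, which is the address REDIRECT will rewrite packets to.
first_ipv4() {
    awk '$3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# usage: redirect_rule IFACE LAN_NET [PORT]
redirect_rule() {
    printf 'iptables -t nat -I PREROUTING -i %s -s %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
        "$1" "$2" "${3:-25}" "${3:-25}"
}

# usage: ip -4 -o addr show dev br0 | preflight br0 192.0.2.0/24
# Returns 2 if iptables will not see bridged traffic, 3 if the incoming
# interface has no IPv4 address (REDIRECT then has nothing to rewrite to).
preflight() {
    bridge_nf_enabled || { echo "bridge-nf-call-iptables is not 1" >&2; return 2; }
    addr=$(first_ipv4)
    [ -n "$addr" ] || { echo "no IPv4 address on $1" >&2; return 3; }
    echo "# SMTP from $2 arriving on $1 will be redirected to $addr"
    redirect_rule "$1" "$2"
}
```

The MTA has to accept connections on the address that preflight reports, since that is where redirected SMTP sessions arrive.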

