Redirect SMTP to an SMTP relay server

hi,

we are an ISP, and we are suffering from many Spams are being sent out our network. Now, I want to redirect the all the outgoing SMTP traffic to the SMTP relay server where I can scan them with the Anti-spam software.

I know that I can redirect the traffic using the PBR, but can any body tell me what's the required configuration in that case?

I have a Cisco 7606 router, and the SMTP relay server is 4 hops away.


regards,
Ameer
LVL 1
ameer_mahmoodAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ptchubaCommented:
Hi Ameer,

I've thought about your problem and this is what i've come up with. what concerns me though is i don't know how the relay server works. However if all you want is getting that traffic to the relay then this might help.

R1----------R2----------R3---------R4--------R5
 |                                                              |
 |                                                              |
Fa0/0(incoming if)                                y.y.y.y (smtp relay server)

We create a GRE tunnel between R1 and R5. Consider that the tunnel IP address on R5 is x.x.x.5.

Then use the following commands on R1 for PBR

R1
access-list 101 permit tcp any any eq 25

route-map smtprelay
match ip address 101
set ip next-hop x.x.x.5

Interface fa0/0
ip policy route-map smtprelay

Now on R5 use PBR as well.

R5
access-list 101 permit tcp any any eq smtp

route-map smtprelay
match  ip address 101
set ip next-hop y.y.y.y

Interface Tunnel0
ip policy route-map smtprelay


That should get your smtp traffic to your server.

As for the GRE tunnel, if R1 and R5 both have accessible ips 1.1.1.1 and 5.5.5.5 resp, then

R1
Interface Tunnel0
ip address x.x.x.1 255.255.255.252
tunnel source 1.1.1.1
tunnel destination 5.5.5.5

R5
Interface Tunnel0
Ip address x.x.x.5 255.255.255.252
tunnel source 5.5.5.5
tunnel destination 1.1.1.1


Hope this helps
Peter


0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
stephen_c01Commented:
What other ISP's have done. Is just blocked all outgoing smtp and told all of their customers to use their relay.

-sc
0
ameer_mahmoodAuthor Commented:
Hi Stephrn c01,

can you please mention some big ISPs who have done that?

-Ameer
0
stephen_c01Commented:
http://news.zdnet.com/2100-3513_22-136518.html - comcast

I know http://www.frontier.com/ does it, because my client has their DSL service.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Broadband

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.