[Techtalk] stopping outgoing virus mail

Brenda Bell k15a-list-linuxchix at theotherbell.com
Tue Mar 18 19:51:27 EST 2003


Quoting Mary <mary-linuxchix at puzzling.org>:

> On Tue, Mar 18, 2003, Conor Daly wrote:
> > o Configure the firewall to do port forwarding.
> > o At the firewall, forward _any_ outgoing to port 25 to SMTP server port 25.
> > o Configure the SMTP server to send outgoing mails on port 50025.
> > o At the firewall, forward outgoing from SMTP server to port 50025 to
> >   internet on port 25.
> 
> I don't understand firewalling that well, but is the last step
> necessary? I would have thought you could just modify the second rule so
> that the SMTP server's connections to external port 25 aren't firewalled
> in the first place. All other servers are firewalled, but *not* the SMTP
> server.

I think you're correct... the real key is to avoid loops.  The path
for outbound email based on Conor's recommendation would be:

local net -> firewall port 25 -> internal SMTP -> firewall port 50025
-> internet port 25

Your modification would essentially create two distinct paths, a
direct path for the SMTP server itself and the indirect path above for
everyone else.  The only flaw would be that the SMTP server would
propagate SMTP-capable viruses if the server itself were to be
infected -- unlikely unless you're crazy enough to run Exchange or
other M$-based mail servers :)

-- 
Brenda
http://opensource.theotherbell.com
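
Added example, not part of the original message: a small Python model of the rule sets discussed in this thread (redirecting all port 25 traffic with no exception, Conor's port 50025 relay, and Mary's exemption for the SMTP server), tracing where an outbound port 25 connection ends up. The addresses and the simplified rule model are assumptions made for illustration.

```python
# Constructed example addresses (assumptions, not from the thread).
SMTP = "10.0.0.25"       # internal SMTP server
CLIENT = "10.0.0.77"     # any other LAN host, e.g. an infected desktop
REMOTE = "203.0.113.9"   # an external mail host

def naive(src, dst, port):
    # Redirect *any* outgoing port 25 to the SMTP server, with no exception.
    return (SMTP, 25) if port == 25 else (dst, port)

def conor(src, dst, port):
    # The server relays on 50025; the firewall maps that to internet port 25.
    if src == SMTP and port == 50025:
        return (dst, 25)
    return (SMTP, 25) if port == 25 else (dst, port)

def mary(src, dst, port):
    # Redirect port 25 for everyone except the SMTP server itself.
    return (SMTP, 25) if port == 25 and src != SMTP else (dst, port)

def trace(firewall, relay_port, src):
    """Follow one outbound mail connection from src and return its hops."""
    path = [f"{src} -> firewall:25"]
    dst, port = firewall(src, REMOTE, 25)
    if dst != SMTP:
        return path + [f"internet {dst}:{port}"]    # went straight out
    path.append(f"internal SMTP {dst}:{port}")
    path.append(f"{SMTP} -> firewall:{relay_port}")
    # The mail server now opens its own relay connection to the remote host.
    dst, port = firewall(SMTP, REMOTE, relay_port)
    if dst == SMTP:
        return path + ["LOOP: relay redirected back to the SMTP server"]
    return path + [f"internet {dst}:{port}"]

if __name__ == "__main__":
    cases = [("naive", naive, 25, CLIENT), ("conor", conor, 50025, CLIENT),
             ("mary", mary, 25, CLIENT), ("mary, from server", mary, 25, SMTP)]
    for name, rules, relay_port, src in cases:
        print(f"{name}: " + " | ".join(trace(rules, relay_port, src)))
```

The last case is the direct path for the SMTP server itself under the exemption, which never passes through the redirect.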


