[Techtalk] stopping outgoing virus mail

Conor Daly conor.daly at oceanfree.net
Wed Mar 19 23:35:50 EST 2003


On Tue, Mar 18, 2003 at 06:51:27PM -0500 or so it is rumoured hereabouts, 
Brenda Bell thought:
> Quoting Mary <mary-linuxchix at puzzling.org>:
> 
> > On Tue, Mar 18, 2003, Conor Daly wrote:
> > > o Configure the firewall to do port forwarding.
> > > o At the firewall, forward _any_ outgoing to port 25 to SMTP
> > >   server port 25.
> > > o Configure the SMTP server to send outgoing mails on port
> > >   50025.
> > > o At the firewall, forward outgoing from SMTP server to port
> > >   50025 to internet on port 25.
> > 
> > I don't understand firewalling that well, but is the last step
> > necessary? I would have thought you could just modify the second
> > rule so that the SMTP server's connections to external port 25
> > aren't firewalled in the first place. All other servers are
> > firewalled, but *not* the SMTP server.
> 
> I think you're correct... the real key is to avoid loops.  The path
> for outbound email based on Conor's recommendation would be:
> 
> local net -> firewall port 25 -> internal SMTP -> firewall port 50025
> -> internet port 25
> 
> Your modification would essentially create two distinct paths, a
> direct path for the SMTP server itself and the indirect path above for
> everyone else.  The only flaw would be that the SMTP server would
> propagate SMTP-capable viruses if the server itself were to be
> infected -- unlikely unless you're crazy enough to run Exchange or
> other M$-based mail servers :)

Exactly.  I based it on a web proxy method assuming the proxy server
itself has user accounts.  To make sure even these users use the proxy,
you need to redirect their web requests via the proxy.  Then you have the
problem of deciding which requests come from the proxy itself.
Configuring the proxy to use a separate port to everything else solves
that.  Does anyone know how to reserve a high port for the proxy's use?

Conor
-- 
Conor Daly <conor.daly at oceanfree.net>

Domestic Sysadmin :-)
---------------------
Faenor.cod.ie
 10:30pm  up 11 days, 23:45,  0 users,  load average: 0.00, 0.00, 0.00
Hobbiton.cod.ie
 10:30pm  up 12 days, 22:00,  1 user,  load average: 0.17, 0.18, 0.09
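
An added example, not part of the original message or thread: shell functions that print iptables-restore rulesets for the setup discussed above. They swap in a different technique from the reserved port 50025: the relay is recognised by source address on the firewall, and by owning uid on a host that also has user accounts. The interface name, address and account name are assumed sample values.

```shell
#!/bin/sh
# Added example: prints iptables-restore rulesets; it applies nothing itself.
# Interface, address and account arguments are sample values chosen by the caller.

# Firewall: redirect every LAN host's outbound port 25 to the relay, except the relay.
gateway_smtp_rules() {
    lan_if=$1 relay_ip=$2
    case $relay_ip in ''|*[!0-9.]*) echo "bad relay address" >&2; return 1;; esac
    case $lan_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# The relay's own deliveries match first and are left alone, so they cannot loop.
-A PREROUTING -i $lan_if -s $relay_ip -p tcp --dport 25 -j ACCEPT
# Any other LAN host connecting to port 25 anywhere is rewritten to the relay.
-A PREROUTING -i $lan_if -p tcp --dport 25 -j DNAT --to-destination $relay_ip:25
# Relay on the same LAN as its clients: source-NAT the redirected connections so
# replies return via the firewall (the relay then logs the firewall's address).
-A POSTROUTING -o $lan_if -d $relay_ip -p tcp --dport 25 -j MASQUERADE
COMMIT
EOF
}

# Host with user accounts: only the daemon's uid may connect out directly;
# every other local user's connection is redirected to the local daemon.
local_owner_rules() {
    daemon_user=$1 dport=$2 local_port=$3
    case $daemon_user in ''|*[!A-Za-z0-9_-]*) echo "bad user" >&2; return 1;; esac
    for n in "$dport" "$local_port"; do
        case $n in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    done
    cat <<EOF
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp --dport $dport -m owner --uid-owner $daemon_user -j ACCEPT
-A OUTPUT -p tcp --dport $dport -j REDIRECT --to-ports $local_port
COMMIT
EOF
}
```

Rule order carries the loop avoidance: the exemption has to precede the redirect in each ruleset. Review the printed rules before loading them with `iptables-restore`.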

