FYI:
For EFW 2.1.2
I've disabled the port forwarding rule for smtp and created by hand a
SNAT iptables rule, forcing it to be the first one in the POSTROUTING chain
(yes, dest. port redundant)

iptables -t nat -I POSTROUTING -s internal_mailserver_ip -p tcp --dport 25 -j SNAT --to public_mailserver_ip:25

iptables -t nat -L --line-number | more
Chain POSTROUTING (policy ACCEPT)
num  target             prot opt source                  destination
1    SNAT               tcp  --  internal_mailserver_ip  anywhere     tcp dpt:smtp to:public_mailserver_ip:25
2    CUSTOMPOSTROUTING  all  --  anywhere                anywhere
3    REVERSENAT         all  --  anywhere                anywhere
4    REDNAT             all  --  anywhere                anywhere
5    POSTPORTFW         all  --  anywhere                anywhere

Enabled smtp proxy for incoming mail, not checked transparent on zone.
With this change all incoming connections to port 25 for
public_mailserver_ip go to the smtp proxy, being checked for virus/spam
and resent to internal_mailserver_ip, but the outgoing mail from
internal_mailserver_ip bypasses EFW standard nats, and is presented to
other mailservers with the public ip registered in dns.
To avoid client connections being processed by smtp proxy I've created a
port forwarding rule with external port 26 forwarded to
internal_mailserver:25, and talked with customers to change their mail
client config to point to public_mailserver:26
I've activated the antispam lists 'cause we were having more than 250
spam mails/minute (!)
Thanks to all who responded to my questions before, now it's running
very well
Best regards
D.
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
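
An added example, not part of the original message or of EFW: a shell check that the hand-inserted SNAT rule described above is still rule 1 of the nat POSTROUTING chain, on the assumption that a rules reload or reboot can drop or displace a rule added by hand. The addresses and both sample listings are constructed.

```shell
#!/bin/sh
# Added example. Addresses are constructed documentation values (RFC 5737),
# standing in for the post's internal_mailserver_ip / public_mailserver_ip.
MAIL_INT="192.0.2.10"
MAIL_PUB="203.0.113.5"

# Reads `iptables -t nat -L -n --line-numbers` output on stdin (-n so the
# port prints as dpt:25). Succeeds only if rule 1 of POSTROUTING is the
# SNAT rule for SMTP traffic from source $1 rewritten to $2:25.
snat_is_first() {
    awk -v src="$1" -v pub="$2" '
        $1 == "Chain" { chain = $2; next }
        chain == "POSTROUTING" && $1 == "1" {
            dpt = 0; to = 0
            for (i = 7; i <= NF; i++) {
                if ($i == "dpt:25") dpt = 1
                if ($i == ("to:" pub ":25")) to = 1
            }
            ok = ($2 == "SNAT" && $3 == "tcp" && $5 == src && dpt && to)
        }
        END { if (ok) exit 0; exit 1 }
    '
}

sample_good() {        # constructed listing: hand-made rule in first position
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT)
num  target             prot opt source      destination
1    SNAT               tcp  --  192.0.2.10  0.0.0.0/0    tcp dpt:25 to:203.0.113.5:25
2    CUSTOMPOSTROUTING  all  --  0.0.0.0/0   0.0.0.0/0
EOF
}

sample_displaced() {   # constructed listing: hand-made rule no longer present
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT)
num  target             prot opt source      destination
1    CUSTOMPOSTROUTING  all  --  0.0.0.0/0   0.0.0.0/0
2    REVERSENAT         all  --  0.0.0.0/0   0.0.0.0/0
EOF
}

sample_good | snat_is_first "$MAIL_INT" "$MAIL_PUB" && echo "good: SNAT rule is first"
sample_displaced | snat_is_first "$MAIL_INT" "$MAIL_PUB" || echo "displaced: re-insert needed"

# Live use (as root), re-inserting with the command from the message:
#   iptables -t nat -L -n --line-numbers | snat_is_first "$MAIL_INT" "$MAIL_PUB" ||
#     iptables -t nat -I POSTROUTING -s "$MAIL_INT" -p tcp --dport 25 -j SNAT --to "$MAIL_PUB:25"
```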