Re: [ilugd] Question about iptable rules for SMTP

Sat, 04 Feb 2012 03:26:02 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Gora Mohanty writes:
> On Sat, Feb 4, 2012 at 4:23 PM, Varad Gupta
> <[email protected]> wrote:
> [...]
>> IMHO, relaying should be controlled at the MTA level. All MTAs provide
>> control against open-relay.
>> 
>> In any case, if you specify source in iptables, then roaming users (with
>> data-cards) would not be able to send mails as their ips shall keep on
>> changing with every connection.

> Sorry, I was not clear in my description.

> I am setting up iptables rules for the server that is the MTA.
> What I wanted to have was SMTP input packets routed only to
> the server, and SMTP output packets routed only from the server. I
> know how to do that, but as the server IP is dynamic, it would
> make life easier if there were no security issues, and I could
> ignore source/destination packet routing.

Do you mean something like:


[internet] <-------> [router] <----> [server]

with router having public IP address, and iptables rules.
     server having dynamic private IP address (like assigned through DHCP),
     and running MTA

Is this how your setup looks like?

HTH
- -- 
Ashish SHUKLA

“A designer knows he has achieved perfection not when there is nothing
left to add, but when there is nothing left to take away.” (Antoine de
Saint-Exupéry)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)

iQIcBAEBCgAGBQJPLRWbAAoJEMdGz6nnT6SwqesP/0MPM5kiOKpuQqlk1dfsU3/b
5KSSA+MbOpUNbS3jEdVzAAKsLfH8FtVdQwDWLb/R5OcHD0XnQub28IAOFDRKdCFO
x2xOyqN8EzNWpScwxpzri9ES0NmgIU0XHZw7KHcwg5+yhBGuQgrxVh6fBM8blkuQ
3fGHqpL4/wS3+xB5UI8gFS2S6amyozBUrr6ppjh8UldIVn0ATC/pyD0tjiRWdvQI
+QS68fM8LDS9emeBNdtJGUG/UEKDmVWFPGLnwaJlFVLv/YqV7NbQXUArs2FnSUWn
BxEcId3yBqZYbmyLSNr4I8jRZ4IaUHda0vw5NAA5iiFGIilqSuYNJJInBLF7fTD2
RQu+kY+zdNSDN8uFjnMCGZTVaxRnNAaZPslUzUYJkz3vUXm7uBqusCSS1okZAyNF
/IsptX3GnfV0P3xwd5iDEzvZmsJxLfUmrlv9ExlUuGYgjrYkOabqPR5e9AaqigIB
x54ZMf0spQy423BihrmRl1tYcCsc2CmqnY8zhQ8bLuJ2VdpO2Oyxl2mM/rhgYEIS
uryTEXWNzGyb11DYni7e/kWexFcooxo6XSwnIJ4NoO6gLLOFN22CXeKGFrihh8Bs
4uNW0bglymSo/VrMUaqEQhbDT3v1+GMtf+Wu9V3RTRP2Mx5u87S1cNCoJBaBTpBm
Xy2ECNbmEGbd72QZ+Het
=YTJC
-----END PGP SIGNATURE-----

_______________________________________________
Ilugd mailing list
[email protected]
http://frodo.hserus.net/mailman/listinfo/ilugd

Reply via email to