In most of my client networks, there is an internal Exchange server and an
external spam filter / mail gateway.

I use floating rules to allow all SMTP traffic to the spam filter, and all
SMTP traffic to the Exchange servers, then I block all other SMTP.

Viruses trying to send mail out to various SMTP servers on the net get
blocked (because it's not going through the spam gateway) and the Exchange
server requires authenticated SMTP.

This makes it easy to set things like copiers (which usually have horridly
complex SMTP support with little or no logging other than "something went
wrong") and various Linux/Unix boxes to use our spam filter as an
unauthenticated relay, and viruses using SMTP can only talk to Exchange or
the spam filter. Either way, it's fairly easy to figure out which host is
spewing mail by looking at the Exchange or Postfix logs. It's also fairly
easy to rate-limit or block hosts that send more than 100 messages in an
hour.

Use floating rules to accomplish the task.  For example:
* Apply immediately on match, accept tcp/25 from any to exchange ip
* Apply immediately on match, accept tcp/25 from any to spam filter ip
* Apply immediately on match, reject tcp/25 from any to any

-A


On Thu, Oct 9, 2014 at 4:05 AM, Mikey van der Worp <[email protected]>
wrote:

> To whom it may concern,
>
> Today I have come to you with the question on how to block users from
> spamming with smtp/25, behind *NAT* and the IP of pfSense (< NAT). We do
> not wish/want to block the entire SMTP traffic in the private range to the
> world, because there are important clients behind the pfSense, who actually
> behave normally. We thought about forcing all the SMTP traffic to be
> redirected through the pfSense machine, so it can be scanned/blocked (even
> when the user decides not to do this and wants to use their own SMTP
> server). Is there some documentation for this or rate-limiting available?
> Might you have any solutions for the problem described above?
>
> The current situation causes our server to be blocked at blacklists.
>
> Hopefully somebody can help me out!
>
> Thanks in advance,
>
> Mikey van der Worp
>
> -
>
> *Mikey van der Worp <https://www.linkedin.com/profile/view?id=182619557>*
> System Administrator
>
> Utelisys Communications B.V.
> Trinity Buildings
> Tower A, 7th floor
> Pietersbergweg 15
> 1105 BM Amsterdam
>
> Tel  +31 - 20 - 561 8010
> Fax +31 - 20 - 561 8021
>
> _______________________________________________
> List mailing list
> [email protected]
> https://lists.pfsense.org/mailman/listinfo/list
>
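
The 100-messages-per-hour check mentioned in the reply at the top of this message, as an added example that is not part of the original email: it counts accepted messages per client IP per clock hour from Postfix `smtpd` log lines. It assumes the standard syslog format with `client=name[ip]` lines; the host names, addresses and sample log are constructed.

```python
import re
from collections import Counter

# Postfix smtpd writes one "QUEUEID: client=name[ip]" line per message it accepts.
CLIENT_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<hour>\d{2}):\d{2}:\d{2} \S+ "
    r"postfix/smtpd\[\d+\]: \w+: client=\S*\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

def messages_per_host_hour(lines):
    """Count accepted messages per (client IP, clock-hour bucket)."""
    counts = Counter()
    for line in lines:
        m = CLIENT_RE.match(line)
        if m:  # connect/disconnect/reject lines do not match and are skipped
            bucket = f"{m['mon']} {int(m['day']):02d} {m['hour']}:00"
            counts[(m["ip"], bucket)] += 1
    return counts

def noisy_hosts(lines, limit=100):
    """Hosts that sent more than `limit` messages within one clock hour."""
    return {k: n for k, n in messages_per_host_hour(lines).items() if n > limit}

def build_sample_log():
    """Constructed sample: a copier (3 messages) and a PC (150 in 04:xx, 40 in 05:xx)."""
    lines, seq = [], 0
    for host, ip, hour, total in [
        ("copier.lan", "192.168.1.50", 4, 3),
        ("pc17.lan", "192.168.1.77", 4, 150),
        ("pc17.lan", "192.168.1.77", 5, 40),
    ]:
        for i in range(total):
            seq += 1
            stamp = f"Oct  9 {hour:02d}:{i % 60:02d}:{i // 60:02d} mx1 postfix/smtpd[2101]:"
            lines.append(f"{stamp} connect from {host}[{ip}]")
            lines.append(f"{stamp} {seq:010X}: client={host}[{ip}]")
    return lines

if __name__ == "__main__":
    for (ip, hour), n in sorted(noisy_hosts(build_sample_log()).items()):
        print(f"{ip} sent {n} messages in the hour starting {hour}")
```

The buckets are fixed clock hours, so a burst that straddles an hour boundary is split across two buckets; a sliding window would catch that case.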