unsubscribe

2014-10-09 13:32 GMT-03:00 Aaron C. de Bruyn <aa...@heyaaron.com>:

> In most of my client networks, there is an internal exchange server and an
> external spam filter / mail gateway.
>
> I use floating rules to allow all SMTP traffic to the spam filter, and all
> SMTP traffic to the Exchange servers, then I block all other SMTP.
>
> Viruses trying to send mail out to various SMTP servers on the net get
> blocked (because it's not going through the spam gateway) and the Exchange
> server requires authenticated SMTP.
>
> This makes it easy to set things like copiers (which usually have horridly
> complex SMTP support with little or no logging other than "something went
> wrong") and various linux/unix boxes to use our spam filter as an
> unauthenticated relay, and viruses using SMTP can only talk to Exchange or
> the spam filter. Either way, it's fairly easy to figure out which host is
> spewing mail by looking at the Exchange or Postfix logs. It's also fairly
> easy to rate-limit or block hosts that send more than 100 messages in an
> hour.
>
> Use floating rules to accomplish the task. For example:
> * Apply immediately on match, accept tcp/25 from any to exchange ip
> * Apply immediately on match, accept tcp/25 from any to spam filter ip
> * Apply immediately on match, reject tcp/25 from any to any
>
> -A
>
> On Thu, Oct 9, 2014 at 4:05 AM, Mikey van der Worp <mvdw...@utelisys.com>
> wrote:
>
>> To whom it may concern,
>>
>> Today I have come to you with the question on how to block users from
>> spamming with smtp/25, behind *NAT* and the IP of pfSense (< NAT). We do
>> not wish/want to block the entire SMTP traffic in the private range to the
>> world, because there are important clients behind the pfSense, who actually
>> behave normally, we thought about forcing all the SMTP traffic to be
>> redirected through the pfSense machine, so it can be scanned/blocked. (even
>> when the user decides not to do this and want to use their own SMTP
>> server). Is there some documentation for this or rate-limiting available?
>> Do you have any solutions for the problem described above?
>>
>> The current situation causes our server to be blocked at blacklists.
>>
>> Hopefully somebody can help me out!
>>
>> Thanks in advance,
>>
>> Mikey van der Worp
>>
>> -
>> Mikey van der Worp
>> System Administrator
>>
>> Utelisys Communications B.V.
>> Trinity Buildings
>> Tower A, 7th floor
>> Pietersbergweg 15
>> 1105 BM Amsterdam
>>
>> Tel +31 - 20 - 561 8010
>> Fax +31 - 20 - 561 8021
>>
>> _______________________________________________
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list

--
Sincerely,
Jorge Severino
Personal mobile number: 08-7775834
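The quoted reply notes that the host spewing mail is easy to find in the Postfix logs and mentions a limit of 100 messages in an hour. The following is an added example, not code from the thread: it counts accepted messages per client IP per clock hour and reports hosts above that limit. It assumes the usual Postfix smtpd syslog line (`QUEUEID: client=host[ip]`) and fixed clock-hour buckets; the host names, IPs, and queue IDs in the sample are constructed.

```python
import re
from collections import Counter

# Postfix smtpd writes one "QUEUEID: client=host[ip]" line per accepted message.
CLIENT_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+"
    r"postfix/smtpd\[\d+\]:\s+[0-9A-Za-z]+:\s+client=[^\[\s]*\[(?P<ip>[^\]]+)\]"
)
THRESHOLD = 100  # "more than 100 messages in an hour" (figure from the thread)


def count_per_hour(lines):
    """Count accepted messages per (client IP, clock hour)."""
    counts = Counter()
    for line in lines:
        m = CLIENT_RE.match(line)
        if m:  # lines without a queue ID and client= field (rejects etc.) are skipped
            bucket = f"{m['mon']} {m['day']} {m['hour']}:00"
            counts[(m["ip"], bucket)] += 1
    return counts


def noisy_hosts(lines, threshold=THRESHOLD):
    """Return sorted (ip, hour, count) for hosts over the threshold in any hour."""
    return sorted(
        (ip, hour, n) for (ip, hour), n in count_per_hour(lines).items() if n > threshold
    )


def sample_log():
    """Constructed log lines, not taken from the thread."""
    fmt = "Oct  9 {h:02d}:{m:02d}:{s:02d} mailgw postfix/smtpd[2211]: {q}: client={host}[{ip}]"
    lines = []
    for i in range(101):  # 101 messages in the 13:00 hour: over the limit
        lines.append(fmt.format(h=13, m=i % 60, s=i // 60, q=f"A{i:05X}",
                                host="unknown", ip="192.168.1.50"))
    for i in range(100):  # exactly 100 in the 14:00 hour: not "more than 100"
        lines.append(fmt.format(h=14, m=i % 60, s=i // 60, q=f"B{i:05X}",
                                host="unknown", ip="192.168.1.50"))
    for i in range(3):  # a copier relaying a few scans
        lines.append(fmt.format(h=13, m=5 + i, s=0, q=f"C{i:05X}",
                                host="copier.lan", ip="192.168.1.20"))
    lines.append("Oct  9 13:10:00 mailgw postfix/smtpd[2211]: NOQUEUE: reject: "
                 "RCPT from unknown[192.168.1.77]: 554 5.7.1 Relay access denied")
    return lines


if __name__ == "__main__":
    for ip, hour, n in noisy_hosts(sample_log()):
        print(f"{ip} sent {n} messages in the hour starting {hour}")
```

A host that straddles two clock hours can stay under the limit in each bucket, so a sliding window is the stricter check.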