Our ISP set up and installed an OpenBSD Firewall at the border doing NAT translation. I’m running a Linux mailserver internally. It seems about every six months someone brings an infected laptop into the building that starts sending out spam and gets us blacklisted. I’m looking for something that will block all outgoing port 25 except from the mail server. Notification (email or ?) would be a big bonus.
I have been playing around with
Code:
pass out quick on $ext_if proto tcp from $emailserver to any port 25 flags S/SA synproxy state
block out on $ext_if proto tcp from any to any port 25
however every time I run that rule the email server returns "no route to host" when I try to telnet to outside servers.
I’m fairly new to the OpenBSD world so any suggestions on an overall monitoring or logging that could be set up on the firewall would be great also.
Thank you
Randy
Something like this from the Cisco world.
Code:
access-list acl_out permit tcp host X.X.X.X any eq 25
access-list acl_out deny tcp any any eq 25
access-list acl_out permit ip any any
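Added example, not part of the original post: one way to get the notification asked for above is to summarise blocked port 25 attempts per internal host from the firewall log. It assumes the block rule carries the `log` keyword on an interface where internal addresses are still visible, that the log is rendered to text the way tcpdump prints pflog entries (the exact format varies by release), and that `192.168.1.10` is a placeholder for the mail server; the sample lines are constructed.

```python
import re
from collections import Counter

MAIL_SERVER = "192.168.1.10"  # assumption: placeholder for the internal mail server

# Constructed sample lines in the style tcpdump prints when reading pflog.
SAMPLE_LOG = """\
Feb 10 09:14:01.120001 rule 4/(match) block in on em1: 192.168.1.57.49211 > 203.0.113.25.25: S 1000:1000(0) win 16384 (DF)
Feb 10 09:14:01.480112 rule 4/(match) block in on em1: 192.168.1.57.49212 > 198.51.100.7.25: S 2000:2000(0) win 16384 (DF)
Feb 10 09:14:02.003310 rule 4/(match) block in on em1: 192.168.1.57.49213 > 198.51.100.9.25: S 3000:3000(0) win 16384 (DF)
Feb 10 09:15:40.771020 rule 4/(match) block in on em1: 192.168.1.80.50100 > 203.0.113.25.25: S 4000:4000(0) win 16384 (DF)
Feb 10 09:16:12.000500 rule 2/(match) pass in on em1: 192.168.1.10.40022 > 203.0.113.25.25: S 5000:5000(0) win 16384 (DF)
Feb 10 09:17:30.100000 rule 6/(match) block in on em1: 192.168.1.57.51000 > 203.0.113.80.8025: S 6000:6000(0) win 16384 (DF)
"""

# action, direction, interface, then "src.sport > dst.dport:" for IPv4
LINE_RE = re.compile(
    r"\b(?P<action>block|pass) (?P<dir>in|out) on (?P<ifc>[^\s:]+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def blocked_smtp_sources(log_text, mail_server=MAIL_SERVER):
    """Count blocked connections to TCP port 25 per source, ignoring the mail server."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unparsed lines (IPv6, other formats) are skipped
        if m["action"] != "block" or m["dport"] != "25":
            continue  # port must be exactly 25, so 8025 does not count
        if m["src"] == mail_server:
            continue
        counts[m["src"]] += 1
    return counts


def build_alert(counts, threshold=3):
    """Return the alert text for hosts at or above the threshold, or None."""
    offenders = sorted((host, n) for host, n in counts.items() if n >= threshold)
    if not offenders:
        return None
    body = [f"{host}: {n} blocked connections to port 25" for host, n in offenders]
    return "Hosts attempting direct SMTP:\n" + "\n".join(body)


if __name__ == "__main__":
    print(build_alert(blocked_smtp_sources(SAMPLE_LOG)))
```

Run from cron, the text returned by `build_alert` can be handed to whatever mailer the site already uses.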