
    Port forward SMTP traffic issue

    • L
      liontaur last edited by

      Hey folks.

      I work for a hotel and we've recently been blocked access to our ISP's mail server due to a guest spamming through it. So now I've set up a sendmail server as a relay for the guests (anti-spam measures to follow). What I want to do is port forward all the outgoing SMTP traffic to our mail server (192.168.1.13) which is doable with a port forward. But then when our mailserver tries to send the mail out it just gets port forwarded to itself. Bit of a catch-22. So any suggestions? We're running pfSense 1.2.3

      Thanks,

      Mark

      • D
        danswartz last edited by

        There are a few things you can try. Easiest one is to just have pfSense block outbound SMTP from any host except your sendmail box. Give instructions on how to access your box. I'm sorry, but it is not really feasible to transparently proxy SMTP - someone might be trying to connect to, say, AOL's mailserver and using their credentials which won't work on your box. If you are blacklisted though, how will this help? Won't your hotel's IP be blacklisted and therefore the sendmail box too? Or are there details you haven't shared?

        • L
          liontaur last edited by

          I was thinking about blocking outbound 25 except from the sendmail server. I was hoping to have something more seamless but yea, I guess there could be someone who comes into the hotel who might have some unique setup. We're not blacklisted though. It's just that our ISP won't let us use their email server as they're concerned that we'll get their server blacklisted. One spammer in 9 years isn't too bad I think. But yea, they've got a business to run. Thanks for the help danswartz.

          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            Just block all outbound 25 - that is standard practice nowadays. Clients can connect to their own ISP using secure connections on alternate ports (465 for secure SMTP, 587 for submission). Several major ISPs have already imposed such restrictions.

            • L
              liontaur last edited by

              Done and done. Thanks for the help guys.

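The policy discussed in this thread, written as a pf.conf fragment. This is an added example, not configuration from any poster or from pfSense itself (pfSense generates its ruleset from the GUI); the interface name `em1` and the `192.168.1.0/24` subnet are assumptions, and the relay address is the one given in the first post.

```conf
# Added illustration in pf.conf syntax, not taken from the thread.
lan_if  = "em1"               # assumed LAN/guest interface
lan_net = "192.168.1.0/24"    # assumed LAN/guest subnet
relay   = "192.168.1.13"      # sendmail relay named in the first post

# --- Translation (shown for comparison, left commented out) ---
# A forward written for every source also matches the relay's own
# outbound mail, so the relay ends up connecting to itself:
#   rdr on $lan_if inet proto tcp from any to any port 25 -> $relay port 25
# Excluding the relay as a source removes that loop, but clients that
# authenticate to their own provider's server still fail, as noted above:
#   rdr on $lan_if inet proto tcp from ! $relay to any port 25 -> $relay port 25

# --- Filtering: block outbound 25 except from the relay ---
# The relay may deliver mail on port 25. Drop this rule to block
# port 25 for every host instead.
pass in quick on $lan_if inet proto tcp from $relay to any port 25 \
    flags S/SA keep state

# Every other host gets a TCP RST on port 25, so mail clients fail
# immediately instead of hanging, and the attempt is logged.
block return-rst in log quick on $lan_if inet proto tcp \
    from ! $relay to any port 25

# Guests reach their own providers on the alternate ports
# (465 for secure SMTP, 587 for submission).
pass in quick on $lan_if inet proto tcp from $lan_net to any \
    port { 465, 587 } flags S/SA keep state
```

The `log` keyword on the block rule leaves a record of which internal hosts keep trying port 25, which is the first place to look if a guest machine starts spamming again.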