Port forward SMTP traffic issue



  • Hey folks.

    I work for a hotel and we've recently been blocked access to our ISP's mail server due to a guest spamming through it. So now I've set up a sendmail server as a relay for the guests (anti-spam measures to follow). What I want to do is port forward all the outgoing SMTP traffic to our mail server (192.168.1.13), which is doable with a port forward. But then when our mail server tries to send the mail out, it just gets port forwarded to itself. Bit of a catch-22. So any suggestions? We're running pfSense 1.2.3.

    Thanks,

    Mark



  • There are a few things you can try. The easiest one is to just have pfSense block outbound SMTP from any host except your sendmail box. Give instructions on how to access your box. I'm sorry, but it is not really feasible to transparently proxy SMTP - someone might be trying to connect to, say, AOL's mail server and using their credentials, which won't work on your box. If you are blacklisted though, how will this help? Won't your hotel's IP be blacklisted and therefore the sendmail box too? Or are there details you haven't shared?



  • I was thinking about blocking outbound 25 except from the sendmail server. I was hoping to have something more seamless but yeah, I guess there could be someone who comes into the hotel who might have some unique setup. We're not blacklisted though. It's just that our ISP won't let us use their email server as they're concerned that we'll get their server blacklisted. One spammer in 9 years isn't too bad, I think. But yeah, they've got a business to run. Thanks for the help, danswartz.


  • Rebel Alliance Developer Netgate

    Just block all outbound 25 - that is standard practice nowadays. Clients can connect to their own ISP using secure connections on alternate ports (465 for secure SMTP, 587 for submission). Several major ISPs have already imposed such restrictions.



  • Done and done. Thanks for the help guys.
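
The policy discussed in this thread, written as raw pf rules. This is an added example, not something posted by any participant; pfSense builds its ruleset from the web GUI, so treat this as a sketch of the equivalent rules. The interface name `em1` and the macro names are assumptions; 192.168.1.13 is the relay address from the first post.

```pf
# Added illustration, not from the thread. Hypothetical names: lan_if, em1.
lan_if     = "em1"            # assumption: LAN-side interface name
mail_relay = "192.168.1.13"   # sendmail relay from the original post

# Approach from the first post (left commented out): redirecting every
# port-25 connection to the relay also matches the relay's own outbound
# deliveries, so its mail is forwarded back to itself.
# rdr on $lan_if inet proto tcp from any to any port 25 -> $mail_relay

# Approach the replies settle on: filter instead of redirect.
# 1. Only the relay may open outbound SMTP (port 25) connections.
pass in quick on $lan_if inet proto tcp from $mail_relay to any port 25 keep state

# 2. Everyone else is refused on port 25. return-rst makes the client fail
#    immediately instead of timing out, and log records the source address
#    so a host that keeps trying port 25 shows up in the firewall log.
block return-rst in log quick on $lan_if inet proto tcp from any to any port 25

# 3. Guests can still reach their own providers on the ports named in the
#    thread: 465 (secure SMTP) and 587 (submission).
pass in quick on $lan_if inet proto tcp from any to any port { 465, 587 } keep state
```

Because every rule uses `quick`, the first match wins, so the relay's pass rule has to stay above the general port-25 block.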

