Protocol Monitoring/Blocking, SMTP specifically!
-
Hi,
I have had a search for blocking the SMTP protocol but didn't find anything discussing how you'd go about blocking a specific protocol.
For example, with our current firewall (Untangle) I am able to block the SMTP protocol from the entire subnet, and then allow SMTP from our mail server. The obvious idea is that we only want our mail server to be sending mail out of the network. We implemented this when we had a virus on a system here that was spamming from our network and we needed to figure out which system it was.
Blocking packets leaving from TCP port 25 from all hosts except our SMTP server is not the solution. You can send SMTP from any port you like, which is why we needed to block and monitor the SMTP protocol itself.
Any ideas on how to achieve the same thing with pfSense?
Cheers,
Scott
-
Blocking port 25 and the submission port would really be effective for this. You can send SMTP on any port but it would be worthless since nobody else would be listening for that traffic.
If you really want to do that, on 2.0 you could set up a layer7 container to match smtp traffic and direct everything through it. Be aware, however, that layer7 inspection is quite CPU intensive and it will slow down all traffic processing that has to go through it.
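An added example, not part of the original thread: once port 25 and the submission port are blocked and logged for every host except the mail server, the blocked entries identify the system that is trying to send mail directly. The sketch below ranks internal hosts by blocked SMTP attempts; the log lines are constructed in the style of `tcpdump -n -e -i pflog0` output, and the mail server address and log format are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed pflog/tcpdump-style format, not real logs).
SAMPLE_LOG = """\
rule 12/0(match): block in on em1: 192.168.1.50.49152 > 203.0.113.10.25: Flags [S], length 0
rule 12/0(match): block in on em1: 192.168.1.50.49153 > 198.51.100.7.25: Flags [S], length 0
rule 12/0(match): block in on em1: 192.168.1.50.49154 > 198.51.100.99.587: Flags [S], length 0
rule 12/0(match): block in on em1: 192.168.1.77.50211 > 203.0.113.10.25: Flags [S], length 0
rule 12/0(match): block in on em1: 192.168.1.50.49155 > 203.0.113.10.443: Flags [S], length 0
rule 10/0(match): pass in on em1: 192.168.1.10.40100 > 203.0.113.10.25: Flags [S], length 0
"""

MAIL_SERVER = "192.168.1.10"   # assumed address of the only host allowed to send mail
SMTP_PORTS = {25, 587}         # SMTP and the submission port

# Captures action, source IP/port and destination IP/port from one log line.
LINE_RE = re.compile(
    r"(?P<action>block|pass) \w+ on \S+: "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def smtp_offenders(log_text, mail_server=MAIL_SERVER, ports=SMTP_PORTS):
    """Return [(src, attempts, distinct_destinations)], busiest host first."""
    attempts = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "block":
            continue  # unparsable line, or traffic that was allowed
        if int(m["dport"]) not in ports or m["src"] == mail_server:
            continue  # not mail traffic, or the legitimate sender
        attempts[m["src"]] += 1
        dests[m["src"]].add(m["dst"])
    # Many attempts to many different servers is the typical spam-bot pattern.
    return sorted(
        ((src, n, len(dests[src])) for src, n in attempts.items()),
        key=lambda row: (-row[1], row[0]),
    )

if __name__ == "__main__":
    for src, n, d in smtp_offenders(SAMPLE_LOG):
        print(f"{src}: {n} blocked SMTP attempts to {d} distinct servers")
```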