- To: "Stewart" <stewart@xxxxxxxxx>, <slug@xxxxxxxxxxx>
- Subject: Re: [SLUG] smtp loops and dns spoofing
- From: "David Kempe" <dave@xxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 16 Oct 2003 20:41:46 +1000
----- Original Message -----
From: "Stewart" <stewart@xxxxxxxxx>
> any other ideas?
>
You might be better off not using a DNS solution, and instead just making an
iptables rule that intercepts/redirects outbound smtp.
SMTP=192.168.1.3
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to-destination $SMTP
if you use shorewall you can do this in your rules file:
DNAT loc net:203.12.160.59:25 tcp 25 - all
that IP being mail.tpg.com.au.
seems to work fairly well for us in a few locations.
dave
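
The redirect described in the message above, as an added example that is not part of the original post. It assumes the relay sits on the same LAN as the clients, behind the matched interface, so the relay's own outbound mail has to be exempted (otherwise it is redirected back to itself and loops) and redirected replies have to return through the router. The helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: the relay sits on
# the same LAN as the clients, behind the interface the rules match on.

valid_ipv4() {
    # Dotted quad, digits only, each octet 0-255.
    case $1 in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# smtp_redirect_rules LAN_IF RELAY_IP   (hypothetical helper)
# Prints the iptables commands; review them, then pipe to sh as root:
#   smtp_redirect_rules eth1 192.168.1.3 | sh
smtp_redirect_rules() {
    lan_if=$1
    relay=$2
    # The output is meant to be executed, so reject anything unexpected.
    case $lan_if in ''|-*|*[!A-Za-z0-9._-]*)
        echo "bad interface name: $lan_if" >&2; return 1 ;;
    esac
    valid_ipv4 "$relay" || { echo "bad relay address: $relay" >&2; return 1; }

    # 1. Exempt the relay itself. ACCEPT in the nat table ends NAT rule
    #    traversal for this connection, so its deliveries leave untouched.
    echo "iptables -t nat -A PREROUTING -i $lan_if -s $relay -p tcp --dport 25 -j ACCEPT"
    # 2. Every other LAN host's outbound SMTP is rewritten to the relay.
    echo "iptables -t nat -A PREROUTING -i $lan_if -p tcp --dport 25 -j DNAT --to-destination $relay:25"
    # 3. Redirected connections go back out the LAN interface; masquerade
    #    them so the relay replies via the router and the NAT is undone.
    #    Side effect: the relay logs the router's address, not the client's.
    echo "iptables -t nat -A POSTROUTING -o $lan_if -d $relay -p tcp --dport 25 -j MASQUERADE"
}
```

Rule order matters: the exemption has to be appended before the DNAT rule, since the first matching rule in the chain wins.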