Log smtp traffic rejection
If the mail server is installed, outbound traffic to port 25 (smtp) is rejected without traces in the firewall.log.
I'd prefer to have rejected client-originated smtp sessions logged, to potentially identify "infected" machines and/or internal systems that need to directly deliver mail outside.
#5 Updated by Filippo Carletti almost 4 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
NethServer should be the lan gateway and have the mail server installed.
Traffic from a client behind NethServer to port 25 (SMTP) will be rejected but not logged to /var/log/firewall.log.
From a client pc:
telnet gmail-smtp-in.l.google.com. 25
Trying 184.108.40.206...
telnet: connect to address 220.127.116.11: Connection refused
After update, try again and look at /var/log/firewall.log. You'd see something like:
Oct 27 17:20:40 nethsecurity kernel: Shorewall:loc2net:REJECT:IN=eth0 OUT=eth4 SRC=192.168.5.5 DST=18.104.22.168 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=26084 DF PROTO=TCP SPT=34104 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
#7 Updated by Giacomo Sanchietti almost 4 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
- % Done changed from 70 to 90
VM VirtualBox - Clean install of Nethserver 6.7 fully updated
Package Installed: nethserver-mail-filter-1.3.3-1.3.gcb1395c.ns6.noarch
Other Package installed: Email
yum --enablerepo=nethserver-testing install nethserver-mail-filter
[root@localhost ~]# grep 25 /etc/shorewall/rules
ACCEPT loc $FW tcp 25
ACCEPT net $FW tcp 25
?COMMENT block port 25 from green
REJECT:info loc net tcp 25
After trying to access port 25 from a LAN client, extract from firewall.log:
Nov 10 11:19:07 localhost kernel: Shorewall:loc2net:REJECT:IN=eth0 OUT=eth1 SRC=192.168.5.22 DST=22.214.171.124 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=44705 DF PROTO=TCP SPT=40472 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
The rule is also generated for blue networks:
[root@localhost ~]# grep 25 /etc/shorewall/rules
ACCEPT loc $FW tcp 25
ACCEPT net $FW tcp 25
?COMMENT block port 25 from green
REJECT:info loc net tcp 25
?COMMENT block port 25 from blue
REJECT:info blue net tcp 25
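One way to act on the firewall.log entries shown in this thread, as an added example (not code from the NethServer project): parse the Shorewall REJECT lines and count, per zone chain, the internal hosts whose outbound port 25 SYNs were rejected, which is the list of candidate "infected" or direct-delivery machines the reporter wants to find. The sample log lines and their addresses are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in the Shorewall log format used by NethServer
# (addresses and timestamps are made up; only the layout matches the thread).
SAMPLE_LOG = """\
Oct 27 17:20:40 nethsecurity kernel: Shorewall:loc2net:REJECT:IN=eth0 OUT=eth4 SRC=192.168.5.5 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=26084 DF PROTO=TCP SPT=34104 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 10 11:19:07 localhost kernel: Shorewall:loc2net:REJECT:IN=eth0 OUT=eth1 SRC=192.168.5.22 DST=203.0.113.11 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=44705 DF PROTO=TCP SPT=40472 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 10 11:19:09 localhost kernel: Shorewall:loc2net:REJECT:IN=eth0 OUT=eth1 SRC=192.168.5.22 DST=203.0.113.12 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=44706 DF PROTO=TCP SPT=40473 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 10 11:20:00 localhost kernel: Shorewall:loc2net:REJECT:IN=eth0 OUT=eth1 SRC=192.168.5.30 DST=203.0.113.13 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=44800 DF PROTO=TCP SPT=51000 DPT=445 WINDOW=29200 RES=0x00 SYN URGP=0
Nov 10 11:21:00 localhost kernel: Shorewall:blue2net:REJECT:IN=eth2 OUT=eth1 SRC=192.168.6.9 DST=203.0.113.14 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=44900 DF PROTO=TCP SPT=52000 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
"""

# Shorewall log prefix is "Shorewall:<chain>:<disposition>:" followed by
# the netfilter key=value fields and bare flags (DF, SYN, ...).
LINE_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[A-Z]+):(?P<fields>.*)$")


def parse_line(line):
    """Return (chain, action, fields) for one Shorewall log line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for token in m.group("fields").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
        else:
            fields[token] = True  # bare flags such as DF and SYN
    return m.group("chain"), m.group("action"), fields


def rejected_smtp_clients(log_text, dport="25"):
    """Count rejected TCP SYNs to dport, keyed by (zone chain, source IP)."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        chain, action, f = parsed
        if (action == "REJECT" and f.get("PROTO") == "TCP"
                and f.get("DPT") == dport and "SYN" in f):
            counts[(chain, f["SRC"])] += 1
    return counts


if __name__ == "__main__":
    for (chain, src), n in sorted(rejected_smtp_clients(SAMPLE_LOG).items()):
        print(f"{chain:10s} {src:16s} rejected SMTP attempts: {n}")
```

On a live system, feed the function the contents of /var/log/firewall.log instead of SAMPLE_LOG; hosts that appear repeatedly are the ones to inspect or to whitelist with an explicit rule.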