The Logical Firewall is capable of accepting and relaying email without authentication; however, this is disabled by default (to prevent spammers from abusing it).
Because some people have old tools or devices which automatically send email (without authentication) and our campus email relays now require authentication, this page describes how to set up the LFW as an email relay which does not require authentication. BUT TO PREVENT ABUSE BY SPAMMERS, YOU MUST USE TIGHT FIREWALL RULES TO PREVENT UNAUTHORIZED HOSTS FROM CONNECTING TO YOUR NEW RELAY.
To enable email relaying on the Logical Firewall you must complete two steps:
"/usr/local/sbin/tables" file immediately following these lines:

    ##########################################
    # these protect the firewall box itself #
    ##########################################

and will look something like this:

    iptables $INP -p tcp -s SRC_IP1 --dport 25 -j $ACCEPT # smtp
    iptables $INP -p tcp -s SRC_IP2 --dport 25 -j $ACCEPT # smtp

Where SRC_IP1 and SRC_IP2 are the IP addresses of the hosts from which you want to accept email to relay.
"message_size_limit" in file "/etc/postfix/main.cf" and has a default value of 10MB in Gibraltar version 2.3. If you want to do this by increasing ramdisk, see Changing Gibraltar's Ramdisk Size or if you want to reduce the value of "message_size_limit", just edit the file above and then run the command: "/etc/init.d/postfix restart". (It is also possible to add a hard disk for more space in /var/spool but that is more complicated and will not be described here.)
When this is done, those (and only those) hosts listed in the rules should be able to use the firewall's IP (either its public or private IP address) as an SMTP email relay.
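A quick way to check that the port 25 rules really are limited to individual hosts, as the warning above requires (this is an added example, not part of the original page or of the LFW distribution). It assumes rules are written in the "--dport 25" form shown above; the function names and the 192.0.2.x sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tables-style script for loose SMTP relay rules.
# Only the rule form shown on the page (--dport 25 ... ACCEPT) is matched.

# audit_smtp_rules FILE
#   Prints each port-25 ACCEPT rule that is not limited to a single source
#   host; the return status is the number of such rules (0 = all tight).
audit_smtp_rules() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment-only lines
    { sub(/[ \t]*#.*$/, "") }                # drop trailing "# smtp" comments
    /iptables/ && /--dport[ \t]+25([ \t]|$)/ && /ACCEPT/ {
        src = ""
        for (i = 1; i < NF; i++)
            if ($i == "-s" || $i == "--source") src = $(i + 1)
        why = ""
        if (src == "")
            why = "no -s source address, any host may relay"
        else if (src ~ /\// && src !~ /\/32$/)
            why = "source " src " is a network range, not a single host"
        if (why != "") { printf "line %d: %s\n    %s\n", NR, why, $0; bad++ }
    }
    END { exit bad + 0 }
    ' "$1"
}

# write_sample_rules FILE: constructed sample input (192.0.2.x is a
# documentation range), not a real LFW tables file.
write_sample_rules() {
    cat > "$1" <<'EOF'
##########################################
# these protect the firewall box itself #
##########################################
iptables $INP -p tcp -s 192.0.2.10 --dport 25 -j $ACCEPT # smtp
iptables $INP -p tcp --dport 25 -j $ACCEPT # smtp
iptables $INP -p tcp -s 192.0.2.0/24 --dport 25 -j $ACCEPT # smtp
iptables $INP -p tcp -s 192.0.2.11/32 --dport 25 -j $ACCEPT # smtp
# iptables $INP -p tcp --dport 25 -j $ACCEPT
iptables $INP -p tcp --dport 22 -j $ACCEPT # ssh
EOF
}

# Demo: lines 5 and 6 of the sample are reported.
sample=$(mktemp) && write_sample_rules "$sample"
audit_smtp_rules "$sample" || echo "$? rule(s) need tightening"
rm -f "$sample"
```

Run it against a copy of the tables file after each edit; a non-zero status means at least one relay rule accepts more than a single host.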
Corey Satten
Email -- corey @ u.washington.edu
Web -- http://staff.washington.edu/corey/
Date -- Mon Jan 28 12:25:29 PST 2008