On Mon, Feb 11, 2002 at 06:17:02PM -0000, Raphael Mankin wrote:
On 11-Feb-02 Jonathan McDowell wrote:
On Mon, Feb 11, 2002 at 12:41:47PM -0000, D wrote:
No, sorry, I think you're missing the point.
I want to FORCE users/servers on the network to redirect outgoing data sent on port 25 to another server (Internal mail server).
Not incoming mail.
Something like:
ipchains -A input --protocol tcp --dport 25 --jump REDIRECT 25
might do the trick then. Possibly might get confused with it both being port 25, so either running the MTA on the gateway on a different port or adding an exclusion for the gateway IP to the ipchains rule might help.
Since it is outgoing mail that is being redirected, that should read '-A output' not '-A input'.
Not that I really care, but I was assuming the redirection was being done on the gateway machine for machines on the network, in which case the packets *do* hit the INPUT chain as they come into the gateway from the internal interface.
However, it still won't work because the 'new' server will probably refuse the relay (it has its own anti-spam measures), and the sending process will be mighty confused because it thinks that it is talking to some other machine, not to one of your internal servers.
Freeserve manage it. Given that it's just SMTP you'll probably find most things don't care; I doubt anything standard checks the SMTP greeting, which is going to be the only thing that's easily noticeable. You're presumably redirecting to a machine that expects to relay for the network anyway, so that bit isn't a problem either. It'll Just Work, unless you throw something like SMTP AUTH or some other server-specific extension into the mix, which very few clients do.
J.