[c-nsp] SMTP Redirection

Julio Arruda jarruda-cnsp at jarruda.com
Sat Aug 18 14:50:30 EDT 2007


The packets from the SMTP client -> to the SMTP server, would not be 
translated by only using the PBR (match ip address 100, set ip next-hop 
192.168.20.20) piece.
I noticed that further down his email, Jorge mentions a link to:
http://www.init7.net/anti-spam/

This site explains the configuration of the router AND the configuration 
of the 'intercept' SMTP server a little further down the page; BOTH need 
to be done or this would not work.

If you can't do the 'destination IP' NAT on the SMTP server, you should 
be able to do it on the router itself, but this is not covered in the 
link mentioned by Jorge.


a. rahman isnaini r. sutan wrote:
> "layer3 header information is not being changed" > right !.
> DNAT on the current gateway ?
> 
> :: a. rahman isnaini r. sutan
> 
> 
> 
> ----- Original Message ----- 
> From: "Julio Arruda" <jarruda-cnsp at jarruda.com>
> To: <cisco-nsp at puck.nether.net>
> Sent: Saturday, August 18, 2007 7:12 AM
> Subject: Re: [c-nsp] SMTP Redirection
> 
> 
> :
> : The traffic is being routed to the next-hop, but I would assume the
> : layer3 header information is not being changed, so the traffic
> : arriving at 192.168.20.20 would still have 'destination IP == original
> : smtp server'. You would need to DNAT the traffic somewhere so the IP
> : stack in the 'intercept' server would see the traffic.
> :
> : a. rahman isnaini r. sutan wrote:
> : > Hallo Jorge,
> : >
> : > I did, as the next hop is only ip not with the specific port.
> : > Any destination to smtp will be redirected to 192.168.20.20 which in this
> : > config should be directly connected to the gateway (router), while in many
> : > providers their smtp is often covered by firewall which might be 3-4 hops
> : > away from this gateway.
> : > Mail sending is stuck somewhere and I believe the router redirects the
> : > traffic (let say smtp server directly connected) to the server without
> : > having any idea to which opened / specific tcp port.
> : >
> : >
> : > :: a. rahman isnaini r. sutan
> : >
> : >
> : >
> : > ----- Original Message ----- 
> : > From: "Jorge Evangelista" <netsecuredata at gmail.com>
> : > To: <cisco-nsp at puck.nether.net>
> : > Sent: Saturday, August 18, 2007 4:50 AM
> : > Subject: Re: [c-nsp] SMTP Redirection
> : >
> : >
> : > : I have not tried it yet, but I think that you could try something like that
> : > :
> : > : Customers=192.168.10.0/24
> : > : SmtpRelay=192.168.20.20
> : > :
> : > :
> : > : !
> : > : access-list 100 remark SMTP Redirect of Customers to smtp.providername.com
> : > : access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq smtp
> : > : !
> : > : route-map SMTP-Redirect permit 10
> : > :  match ip address 100
> : > :  set ip next-hop 192.168.20.20
> : > : !
> : > : interface FastEthernet 0/0
> : > :  description connected to Internet
> : > :  ip policy route-map SMTP-Redirect
> : > : !
> : > : !
> : > :
> : > :
> : > :
> : > :
> : > : http://www.init7.net/anti-spam/
> : > :
> : > :
> : > :
> : > : On 8/17/07, a. rahman isnaini r. sutan <risnaini at speed.net.id> wrote:
> : > : > ip nat outside source static tcp o.o.o.o 25 xxx.xxx.xxx.xxx (mail server) 25?
> : > : > :: a. rahman isnaini r. sutan
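
The point made in this thread, modeled as an added example (not code from any poster or from the linked init7 page): policy routing only selects the next hop, so the intercept server still sees the original destination IP until a destination NAT rewrites it, and the reply must be translated back. The Packet type, the function names, the default next hop 198.51.100.1 and the sample addresses 192.168.10.7 and 203.0.113.25 are assumptions; the customer network and relay address come from the quoted config.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

CUSTOMERS = ip_network("192.168.10.0/24")   # source range in the thread's access-list 100
RELAY = ip_address("192.168.20.20")         # the thread's "set ip next-hop" target

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object
    dport: int

def pbr_next_hop(pkt, routed_next_hop):
    """route-map SMTP-Redirect: choose the next hop; the IP header is not touched."""
    if pkt.src in CUSTOMERS and pkt.dport == 25:
        return RELAY
    return routed_next_hop

def dnat_to_relay(pkt, table):
    """Destination NAT (on the router or on the relay): rewrite dst, keep the original."""
    if pkt.dport != 25:
        return pkt
    # Simplified state: a real NAT keys on the full 5-tuple, not (client, port).
    table[(pkt.src, pkt.dport)] = pkt.dst
    return replace(pkt, dst=RELAY)

def relay_accepts(pkt):
    """A host's IP stack delivers locally only when dst is one of its own addresses."""
    return pkt.dst == RELAY

def reply_source(client, table):
    """Reverse translation: the client expects the reply from the server it dialed."""
    return table[(client, 25)]

def deliver(pkt, use_dnat):
    """Run one packet through PBR, optionally followed by DNAT."""
    table = {}
    hop = pbr_next_hop(pkt, routed_next_hop=ip_address("198.51.100.1"))
    if use_dnat:
        pkt = dnat_to_relay(pkt, table)
    return hop, pkt, relay_accepts(pkt), table

# Constructed sample: a customer host connecting to an outside mail server.
SAMPLE = Packet(ip_address("192.168.10.7"), ip_address("203.0.113.25"), 25)

if __name__ == "__main__":
    for use_dnat in (False, True):
        hop, pkt, ok, _ = deliver(SAMPLE, use_dnat)
        print(f"dnat={use_dnat} next_hop={hop} dst={pkt.dst} accepted={ok}")
```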

