[c-nsp] SMTP Redirection

a. rahman isnaini r. sutan risnaini at speed.net.id
Mon Aug 20 23:13:23 EDT 2007


Hi,

Here is the hint for this.
Maybe somebody who is very familiar with Linux/Unix and Cisco could 
convert this correctly to ip nat outside?

 dst-nat add dst-address=0.0.0.0/0 protocol=tcp dst-port=25 to-dst-address=202.150.64.2 to-dst-port=25


:: a. rahman isnaini r. sutan



----- Original Message ----- 
From: "a. rahman isnaini r. sutan" <risnaini at speed.net.id>
To: "Cisco NSP Puck Nether Net" <cisco-nsp at puck.nether.net>
Sent: Sunday, August 19, 2007 9:27 PM
Subject: Re: [c-nsp] SMTP Redirection


: This could be done if the SMTP server is directly connected to the router.
: Anyway, thanks for the link, that inspired me more.
:
:
::: a. rahman isnaini r. sutan
:
:
:
: ----- Original Message ----- 
: From: "Julio Arruda" <jarruda-cnsp at jarruda.com>
: To: "Cisco NSP Puck Nether Net" <cisco-nsp at puck.nether.net>
: Sent: Sunday, August 19, 2007 1:50 AM
: Subject: Re: [c-nsp] SMTP Redirection
:
:
::
:: The packets from the SMTP client -> to the SMTP server, would not be
:: translated by only using the PBR (match ip address 100, set ip next-hop
:: 192.168.20.20) piece.
:: I noticed that further down his email, Jorge mentions a link to:
:: http://www.init7.net/anti-spam/
::
:: This site explains the configuration of the router AND the configuration
:: of the 'intercept' SMTP server a little further down the page. BOTH need
:: to be done or this would not work.
::
:: If you can't do the 'destination IP' NAT on the SMTP server, you should
:: be able to do it on the router itself, but this is not covered in the
:: link mentioned by Jorge.
::
::
:: a. rahman isnaini r. sutan wrote:
:: > "layer3 header information is not being changed" > right !.
:: > DNAT on the current gateway ?
:: >
:: > :: a. rahman isnaini r. sutan
:: >
:: >
:: >
:: > ----- Original Message ----- 
:: > From: "Julio Arruda" <jarruda-cnsp at jarruda.com>
:: > To: <cisco-nsp at puck.nether.net>
:: > Sent: Saturday, August 18, 2007 7:12 AM
:: > Subject: Re: [c-nsp] SMTP Redirection
:: >
:: >
:: > :
:: > : The traffic is being routed to the next-hop, but I would assume the
:: > : layer3 header information is not being changed, so the traffic
:: > : arriving at 192.168.20.20 would still have 'destination IP == original
:: > : smtp server'. You would need to DNAT the traffic somewhere so the IP
:: > : stack in the 'intercept' server would see the traffic.
:: > :
:: > : a. rahman isnaini r. sutan wrote:
:: > : > Hallo Jorge,
:: > : >
:: > : > I did, as the next hop is only an IP, not with the specific port.
:: > : > Any destination to smtp will be redirected to 192.168.20.20, which in this
:: > : > config should be directly connected to the gateway (router), while in many
:: > : > providers their smtp is often covered by a firewall which might be 3-4 hops
:: > : > away from this gateway.
:: > : > Mail sending is stuck somewhere and I believe the router redirects the
:: > : > traffic (let's say the smtp server is directly connected) to the server without
:: > : > having any idea of which opened / specific tcp port.
:: > : >
:: > : >
:: > : > :: a. rahman isnaini r. sutan
:: > : >
:: > : >
:: > : >
:: > : > ----- Original Message ----- 
:: > : > From: "Jorge Evangelista" <netsecuredata at gmail.com>
:: > : > To: <cisco-nsp at puck.nether.net>
:: > : > Sent: Saturday, August 18, 2007 4:50 AM
:: > : > Subject: Re: [c-nsp] SMTP Redirection
:: > : >
:: > : >
:: > : > : I have not tried it yet, but I think that you could try something like that
:: > : > :
:: > : > : Customers=192.168.10.0/24
:: > : > : SmtpRelay=192.168.20.20
:: > : > :
:: > : > :
:: > : > : !
:: > : > : access-list 100 remark SMTP Redirect of Customers to smtp.providername.com
:: > : > : access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq smtp
:: > : > : !
:: > : > : route-map SMTP-Redirect permit 10
:: > : > : match ip address 100
:: > : > :  set ip next-hop 192.168.20.20
:: > : > : !
:: > : > : interface FastEthernet 0/0
:: > : > : description connected to Internet
:: > : > : ip policy route-map SMTP-Redirect
:: > : > : !
:: > : > : !
:: > : > :
:: > : > :
:: > : > :
:: > : > :
:: > : > : http://www.init7.net/anti-spam/
:: > : > :
:: > : > :
:: > : > :
:: > : > : On 8/17/07, a. rahman isnaini r. sutan <risnaini at speed.net.id> wrote:
:: > : > : > ip nat outside source static tcp o.o.o.o 25 xxx.xxx.xxx.xxx (mail server) 25?
:: > : > : > :: a. rahman isnaini r. sutan
: 
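
Added example, not part of any message in this thread: a small Python model of the point discussed above, that the policy route (access-list 100, set ip next-hop 192.168.20.20) only chooses where a packet is forwarded, while destination NAT is what makes the relay's IP stack accept it. The sample packets, the destination 203.0.113.25 and all function names are constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

CUSTOMERS = ip_network("192.168.10.0/24")  # Customers, from the thread
SMTP_RELAY = "192.168.20.20"               # SmtpRelay, from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

def acl_100(pkt):
    # access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq smtp
    return (pkt.proto == "tcp" and pkt.dport == 25
            and ip_address(pkt.src) in CUSTOMERS)

def pbr_next_hop(pkt):
    # route-map SMTP-Redirect: selects a next hop, never edits the header
    return SMTP_RELAY if acl_100(pkt) else None

def dnat(pkt):
    # Destination NAT for tcp/25 (hypothetical helper): rewrites the dst address
    if pkt.proto == "tcp" and pkt.dport == 25:
        return replace(pkt, dst=SMTP_RELAY)
    return pkt

def deliver(pkt, with_dnat):
    """Follow one packet from the policy-routed interface to the relay."""
    if pbr_next_hop(pkt) != SMTP_RELAY:
        return "normal routing"
    if with_dnat:
        pkt = dnat(pkt)
    # The relay's IP stack only hands packets addressed to itself to a socket.
    if pkt.dst == SMTP_RELAY:
        return "accepted by relay"
    return "reaches relay, dst %s is not local" % pkt.dst

# Constructed sample packets (addresses outside the thread are made up).
MAIL = Packet("192.168.10.55", "203.0.113.25", "tcp", 25)
WEB = Packet("192.168.10.55", "203.0.113.25", "tcp", 80)

if __name__ == "__main__":
    for name, pkt, nat in (("PBR only", MAIL, False),
                           ("PBR + DNAT", MAIL, True), ("web", WEB, True)):
        print(name, "->", deliver(pkt, nat))
```

The model does not say where the rewrite happens; as the thread notes, it can be done on the intercept server or on the router.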


