[c-nsp] SMTP Redirection

Julio Arruda jarruda-cnsp at jarruda.com
Fri Aug 17 20:12:32 EDT 2007


The traffic is being routed to the next-hop, but I would assume the 
layer3 header information is not being changed, so, the traffic is 
arriving at 192.168.20.20 would still have 'destination IP == original 
smtp server. you would need to DNAT the traffic somewhere so the IP 
stack in the 'intercept' server would see the traffic.

a. rahman isnaini r. sutan wrote:
> Hallo Jorge,
> 
> I did, as the next hop is only ip not with the specific port.
> Any destination to smtp will be redirected to 192.168.20.20 which in this 
> config should be directly connected to to gateway (router), while in many 
> providers their smtp oftenly covered by firewall which might be 3-4 hops 
> away from this gateway.
> Mail sending is stuck somewhere and I believe the router redirects the 
> traffic (let say smtp server directly connected) to the server without 
> having any idea to which opened / specific tcp port.
> 
> 
> :: a. rahman isnaini r. sutan
> 
> 
> 
> ----- Original Message ----- 
> From: "Jorge Evangelista" <netsecuredata at gmail.com>
> To: <cisco-nsp at puck.nether.net>
> Sent: Saturday, August 18, 2007 4:50 AM
> Subject: Re: [c-nsp] SMTP Redirection
> 
> 
> :I have not tried it yet, but I think that you could try something like that
> :
> : Customers=192.168.10.0/24
> : SmtpRelay=192.168.20.20
> :
> :
> : !
> : access-list 100 remark SMTP Redirect of Customers to smtp.providername.com
> : access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq smtp
> : !
> : route-map SMTP-Redirect permit 10
> : match ip address 100
> :  set ip next-hop 192.168.20.20
> : !
> : interface FastEthernet 0/0
> : description connected to Internet
> : ip policy route-map SMTP-Redirect
> : !
> : !
> :
> :
> :
> :
> : http://www.init7.net/anti-spam/
> :
> :
> :
> : On 8/17/07, a. rahman isnaini r. sutan <risnaini at speed.net.id> wrote:
> : > ip nat outside source static tcp o.o.o.o 25 xxx.xxx.xxx.xxx (mail 
> server)
> : > 25?
> : > :: a. rahman isnaini r. sutan
> : >
> : >
> : >
> : > ----- Original Message -----
> : > From: "Stephen Kratzer" <kratzers at pa.net>
> : > To: <cisco-nsp at puck.nether.net>
> : > Cc: "a. rahman isnaini r. sutan" <risnaini at speed.net.id>
> : > Sent: Friday, August 17, 2007 8:16 PM
> : > Subject: Re: [c-nsp] SMTP Redirection
> : >
> : >
> : > : On Thursday 16 August 2007 09:31:48 a. rahman isnaini r. sutan wrote:
> : > : > what the config looks like ?
> : > : > as the mail server is not located / directly connected to the 
> router.
> : > : >
> : > : > tx
> : > : >
> : > : > :: a. rahman isnaini r. sutan
> : > :
> : > :
> : > : http://www.cisco.com/warp/public/556/12.html#topic8
> : > :
> : > :
> : > : --
> : > : No virus found in this incoming message.
> : > : Checked by AVG Free Edition.
> : > : Version: 7.5.484 / Virus Database: 269.11.19/956 - Release Date: 
> 8/16/2007
> : > 9:48 AM
> : > :
> : > :
> : >
> : > _______________________________________________
> : > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> : > https://puck.nether.net/mailman/listinfo/cisco-nsp
> : > archive at http://puck.nether.net/pipermail/cisco-nsp/
> : >
> :
> :
> : -- 
> : "The network is the computer"
> : _______________________________________________
> : cisco-nsp mailing list  cisco-nsp at puck.nether.net
> : https://puck.nether.net/mailman/listinfo/cisco-nsp
> : archive at http://puck.nether.net/pipermail/cisco-nsp/
> :
> :
> : -- 
> : No virus found in this incoming message.
> : Checked by AVG Free Edition.
> : Version: 7.5.484 / Virus Database: 269.11.19/956 - Release Date: 8/16/2007 
> 9:48 AM
> :
> : 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list