Koozali.org: home of the SME Server

Suggestions on how to disable the SMTP Proxy for a single IP

Franco
« on: September 13, 2005, 04:45:53 AM »
I have a setup with SME as the gateway and I'm using the SMTP Proxy, so stations on the LAN have to go through SME to send mail.
I also have another machine hosting a different domain and I'm using the ProxyPass contrib to make that reachable from outside.
How can I keep the rules and allow this single machine to send mail on its own, without having to use the Gateway SMTP?
 :hammer:

TIA

meanpenguin
« Reply #1 on: October 03, 2005, 10:54:13 PM »
Hi,

So how are you making the clients "have to go through the SME?"

What keeps the user from going straight to the ISP's SMTP?


edward

Franco
« Reply #2 on: October 03, 2005, 10:57:53 PM »
Installation of the Fetchmail contrib gives you control of the SMTP, POP and IMAP proxy.

meanpenguin
« Reply #3 on: October 04, 2005, 12:30:15 AM »
Hi,

The trick is in the file
/etc/e-smith/templates/etc/rc.d/init.d/masq/35transproxy-fetchmail

So you need to create a file
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/34bypassproxy-fetchmail

that has a rule that allows the traffic (before the
35transproxy... blocks it) for a single IP address...

My Iptables is not good but it would need to counter-act this rule...
Code:

/sbin/iptables --table nat --append PREROUTING -i \$INTERNALIF -p tcp --dst ! \$LOCALIP --dport 25 --jump DROP

I'm almost sure this is wrong but it would be something like (assuming you want 192.168.1.50 to be allowed to bypass the proxy):

Code:

/sbin/iptables --table nat --append PREROUTING -i \$INTERNALIF -p tcp --src 192.168.1.50 --dst ! \$LOCALIP --dport 25 -j ACCEPT


Hope this helps.

(remember to expand the masq file after the 34bypass... file is created)

edward
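
Added example (not part of the thread and not SME Server code): a shell model of why the fragment name in the reply above matters, since fragments from templates/ and templates-custom/ are merged in name order and a 34... fragment therefore lands above the stock 35... rule. The two rules are the ones quoted in the post; the temporary directories, the function names and the late name 36bypassproxy-fetchmail are assumptions, and the model checks rule order only, not what iptables does with the rules.

```shell
#!/bin/sh
# Added example: models only fragment ordering (templates/ and templates-custom/
# merged by name, sorted, concatenated). It does not run the real expander.

# merge_fragments STOCK_DIR CUSTOM_DIR: print the fragments in expansion order.
merge_fragments() {
    { ls "$1"; ls "$2" 2>/dev/null; } | sort -u | while read -r name; do
        # A same-named custom fragment overrides the stock one.
        if [ -f "$2/$name" ]; then cat "$2/$name"; else cat "$1/$name"; fi
    done
}

# bypass_precedes_drop FILE IP: succeed only if the ACCEPT rule for IP sits
# above the first port 25 DROP rule in FILE.
bypass_precedes_drop() {
    ip=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape the dots for grep
    accept_line=$(grep -n -- "--src $ip .*--dport 25 .*ACCEPT" "$1" | head -n 1 | cut -d: -f1)
    drop_line=$(grep -n -- "--dport 25 .*DROP" "$1" | head -n 1 | cut -d: -f1)
    [ -n "$accept_line" ] && [ -n "$drop_line" ] && [ "$accept_line" -lt "$drop_line" ]
}

# demo CUSTOM_NAME: build constructed template trees in a temp directory, store
# the bypass rule under CUSTOM_NAME, merge, and report whether it precedes DROP.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/templates" "$work/templates-custom"
    # Stock rule as quoted in the post (\$ is the template's escaped dollar sign).
    printf '%s\n' '/sbin/iptables --table nat --append PREROUTING -i \$INTERNALIF -p tcp --dst ! \$LOCALIP --dport 25 --jump DROP' \
        > "$work/templates/35transproxy-fetchmail"
    # Proposed bypass rule from the post, for 192.168.1.50.
    printf '%s\n' '/sbin/iptables --table nat --append PREROUTING -i \$INTERNALIF -p tcp --src 192.168.1.50 --dst ! \$LOCALIP --dport 25 -j ACCEPT' \
        > "$work/templates-custom/$1"
    merge_fragments "$work/templates" "$work/templates-custom" > "$work/masq"
    rc=0
    bypass_precedes_drop "$work/masq" 192.168.1.50 || rc=$?
    rm -rf "$work"
    return "$rc"
}

demo 34bypassproxy-fetchmail && echo "34bypassproxy-fetchmail: bypass rule is above the DROP rule"
demo 36bypassproxy-fetchmail || echo "36bypassproxy-fetchmail: bypass rule lands below the DROP rule"
```

The same bypass_precedes_drop check can be pointed at the expanded masq script on the server to confirm the order after the template has been expanded.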

CharlieBrady
« Reply #4 on: October 04, 2005, 02:56:28 AM »
Quote from: "stuntshell"
I have a setup with SME as the gateway and I'm using the SMTP Proxy, so stations on the LAN have to go through SME to send mail.
I also have another machine hosting a different domain and I'm using the ProxyPass contrib to make that reachable from outside.
How can I keep the rules and allow this single machine to send mail on its own, without having to use the Gateway SMTP?


I don't know what rules you want to "keep", but there shouldn't be any problems with that other machine using your SMTP proxy. What harm does it do you or them?

Franco
« Reply #5 on: October 04, 2005, 03:24:57 AM »
Thank you meanpenguin,
I'll try that and see if it works! I hope it does! :)
Charlie,
This is a Win2k3 machine running Oracle and some type of ASP service that can't be configured to use an outside SMTP to send confirmation emails when customers sign in, so I'm forced to use a local mail on it. The SMTP proxy is great, cause it gives me control of the mails.
I had this setup working before with the Nat 1:1 contrib, but that exposes the entire server... so if I can make the rules work with the SMTP proxy, I'll be gold.  ;-)

Thanks guys!

CharlieBrady
« Reply #6 on: October 04, 2005, 04:05:57 AM »
Quote from: "stuntshell"

This is a Win2k3 machine running Oracle and some type of ASP service that can't be configured to use an outside SMTP to send confirmation emails when customers sign in, so I'm forced to use a local mail on it.


I don't know what "use a local mail on it" means. But it shouldn't matter. The SMTP proxy should work without interfering with any SMTP agent running on the win2k box - that's why it's called a "transparent" proxy.

Franco
« Reply #7 on: October 04, 2005, 07:16:19 AM »
Ahhh you're right!
The problem is that I need it to use an external SMTP. With the Nat 1:1 that wasn't a problem before; I'm now using ProxyPass, which only passes port 80.
I believe meanpenguin's rules still apply, right?!