Koozali.org: home of the SME Server

Trying to filter outgoing traffic to mail ports

Offline Michail Pappas

  • *
  • 353
  • +1/-0
Trying to filter outgoing traffic to mail ports
« on: September 04, 2025, 01:55:21 PM »
A friend on which I had installed SME years (10.2) ago suddenly got SME blackllisted in spamhaus. Might be a rogue LAN pc in his LAN, so I thought I'd follow instructions in https://wiki.koozali.org/Firewall#Block_outgoing_IPs_or_mac_addresses

(There was a hint to use the latest patches, not sure which they are though.)

However in messages I see the following:
Code: [Select]
14:44:28 mail server masq: iptables v1.4.21:
Sep  4 14:44:28 mail server masq: The "nat" table is not intended for filtering, the use of DROP is therefore inhibited.
Sep  4 14:44:28 mail server masq: Try `iptables -h' or 'iptables --help' for more information.
Any idea on what has to be changed?

FYI:
Code: [Select]
masq=service
    DenylogTarget=drop
    Logging=most
    Stealth=no
    TCPBlocks=0.0.0.0/0:25,0.0.0.0/0:465,0.0.0.0/0:587
    Trace=disabled
    UDPBlocks=0.0.0.0/0:587
    pptp=yes
    status=enabled


Offline Michail Pappas

  • *
  • 353
  • +1/-0
Re: Trying to filter outgoing traffic to mail ports
« Reply #2 on: Yesterday at 01:06:50 PM »
https://forums.koozali.org/index.php/topic,55266.msg291704.html
My apologies mate, I've referenced the wrong link. It's the next one that I've implemented (and get those error messages): https://wiki.koozali.org/Firewall#Block_outgoing_ports