Koozali.org: home of the SME Server

Contribs.org Forums => Koozali SME Server 10.x => Topic started by: Michail Pappas on September 04, 2025, 01:55:21 PM

Title: Trying to filter outgoing traffic to mail ports
Post by: Michail Pappas on September 04, 2025, 01:55:21 PM

A friend on which I had installed SME years (10.2) ago suddenly got SME blackllisted in spamhaus. Might be a rogue LAN pc in his LAN, so I thought I'd follow instructions in https://wiki.koozali.org/Firewall#Block_outgoing_IPs_or_mac_addresses

(There was a hint to use the latest patches, not sure which they are though.)

However in messages I see the following:

Code: [Select]

14:44:28 mail server masq: iptables v1.4.21:
Sep  4 14:44:28 mail server masq: The "nat" table is not intended for filtering, the use of DROP is therefore inhibited.
Sep  4 14:44:28 mail server masq: Try `iptables -h' or 'iptables --help' for more information.Any idea on what has to be changed?

FYI:

Code: [Select]

masq=service
    DenylogTarget=drop
    Logging=most
    Stealth=no
    TCPBlocks=0.0.0.0/0:25,0.0.0.0/0:465,0.0.0.0/0:587
    Trace=disabled
    UDPBlocks=0.0.0.0/0:587
    pptp=yes
    status=enabled


Title: Re: Trying to filter outgoing traffic to mail ports
Post by: bunkobugsy on September 05, 2025, 11:33:11 AM

https://forums.koozali.org/index.php/topic,55266.msg291704.html

Title: Re: Trying to filter outgoing traffic to mail ports
Post by: Michail Pappas on September 05, 2025, 01:06:50 PM

Quote from: bunkobugsy on Yesterday at 11:33:11 AM

https://forums.koozali.org/index.php/topic,55266.msg291704.html

My apologies mate, I've referenced the wrong link. It's the next one that I've implemented (and get those error messages): https://wiki.koozali.org/Firewall#Block_outgoing_ports