Is it possible to make mail exit by alternative gateway?

Hi gents , I'm trying my best to improve my linux skills but I'm still
a newbie.

I have problems with spam , my ip address seems that was a dynamic one,
so there are some black-list that block our mails.

As we have 2 DSL lines I want to try to solve this problem in a non
academical way.

I can't change my incoming conecctions because the mail server is a web
server, and that would be a problem. So as the server can see both
gateway, I tought there could be a way to make any smtp connection to
be delivered by the alternative gateway.
Would this be possible?
Configuring route , with static routes this could be solved by ip, but
not by data type.
I only want mail to exit by the other gateway, and everything to keep
as now a days

Hope you can help , thanks and regards.

Sako wrote:
> Hi gents , I'm trying my best to improve my linux skills but I'm still
> a newbie.
>
> I have problems with spam , my ip address seems that was a dynamic one,
> so there are some black-list that block our mails.

Is your problem:
1. receiving too much spam that you want to filter out, or
2. Other mail hosts believing that you are a spammer when you are not?

If the problem is 1. then you need to install spamassassin or something
like it.
If the problem is 2. then you need to send your outgoing mail to a
smarthost with a static IP address, e.g. your ISP's.

Robert

>
> As we have 2 DSL lines I want to try to solve this problem in a non
> academical way.
>
> I can't change my incoming conecctions because the mail server is a web
> server, and that would be a problem. So as the server can see both
> gateway, I tought there could be a way to make any smtp connection to
> be delivered by the alternative gateway.
> Would this be possible?
> Configuring route , with static routes this could be solved by ip, but
> not by data type.
> I only want mail to exit by the other gateway, and everything to keep
> as now a days
>
> Hope you can help , thanks and regards.
>

"Sako" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com
> I only want mail to exit by the other gateway, and everything to keep
> as now a days

This can be done with iproute2.

You have to tag your packets with iptables/netfilter first:
iptables -t mangle -A POSTROUTING -o eth0 -p tcp --dport 25 -j MARK
\ --set-mark 25

Then to route them specially if they have the tag:
ip rule add fwmark 25 table mail
ip route add default via 82.226.217.254 table mail

You have to learn how it works but it can do the trick :-)



--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

Eric Lalitte wrote:
> "Sako" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com
> > I only want mail to exit by the other gateway, and everything to keep
> > as now a days
>
> This can be done with iproute2.
>
> You have to tag your packets with iptables/netfilter first:
> iptables -t mangle -A POSTROUTING -o eth0 -p tcp --dport 25 -j MARK
________________________^^^^^^^^^^^______________
> \ --set-mark 25

Aren't marks valid only on the machine where they are set? Don't you
mean PREROUTING or OUTPUT chain? Ie., set the mark before packets hit
the RPDB, apply the rule(s) to select the proper route table, process
packets according to the selected route table.

> Then to route them specially if they have the tag:
> ip rule add fwmark 25 table mail
> ip route add default via 82.226.217.254 table mail
>
> You have to learn how it works but it can do the trick :-)

regards,
prg

Sako wrote:
> Hi gents , I'm trying my best to improve my linux skills but I'm still
> a newbie.
>
> I have problems with spam , my ip address seems that was a dynamic one,
> so there are some black-list that block our mails.

Don't you hate it when they do that? You do mean outgoing mail, right?

> As we have 2 DSL lines I want to try to solve this problem in a non
> academical way.
>
> I can't change my incoming conecctions because the mail server is a web
> server, and that would be a problem. So as the server can see both
> gateway, I tought there could be a way to make any smtp connection to
> be delivered by the alternative gateway.
> Would this be possible?

Yes, probably with netfilter/iptables or with policy routing (multiple
route tables).

> Configuring route , with static routes this could be solved by ip, but
> not by data type.
> I only want mail to exit by the other gateway, and everything to keep
> as now a days

If you can't use or rely on dst IP to filter, then you would
_hopefully_ be able to use the port number (25) to filter.

The mail server is dual homed? Is it forwarding packets between
interfaces?

I would use Eric's suggested approach using policy routing. It's
"different" from what people are used to and can be confusing at first
(uses the ip commands).

For more info you can check:
http://linux-ip.net/html/ch-routing.html
http://linux-ip.net/html/routing-tables.html
http://linux-ip.net/html/routing-rpdb.html

These will probably require close reading/study ;-)
http://www.policyrouting.org/PolicyR...NLINE/TOC.html
http://www.policyrouting.org/PolicyR.../CH03.web.html

You might get netfilter to do what you want but I prefer Eric's
approach.

good luck,
prg

On Thu, 23 Feb 2006 09:12:37 -0800, Sako wrote:

> Hi gents , I'm trying my best to improve my linux skills but I'm still a
> newbie.
>
> I have problems with spam , my ip address seems that was a dynamic one, so
> there are some black-list that block our mails.
>
> As we have 2 DSL lines I want to try to solve this problem in a non
> academical way.
>
> I can't change my incoming conecctions because the mail server is a web
> server, and that would be a problem. So as the server can see both
> gateway, I tought there could be a way to make any smtp connection to be
> delivered by the alternative gateway. Would this be possible?
> Configuring route , with static routes this could be solved by ip, but not
> by data type.
> I only want mail to exit by the other gateway, and everything to keep as
> now a days
>
> Hope you can help , thanks and regards.

If you are sure that your mailserver is not an open relay anymore you
should be able to get it out of the blacklists. It might take some time
but it should be possible.

If your mailserver is still an open relay, you should fix this.

Jan Hugo