Using radius to block port 25 for all users except some?

classic Classic list List threaded Threaded
5 messages Options
| Threaded
Open this post in threaded view
|

Using radius to block port 25 for all users except some?

Drew Weaver

            Hi, with the proliferation of spam on the internet we’re taking the added step of making our modem banks only accept port 25 traffic destined for our SMTP servers, is there any way to use radius to exclude certain people from this policy, or, alternatively is there any way to use radius to enforce this policy altogether? We’re using a MAX tnt as our modem bank, sorry if this is wholly off-topic.

 

Thanks,

-Drew

 

| Threaded
Open this post in threaded view
|

Re: Using radius to block port 25 for all users except some?

Alex Kasatkin
Hi!

I'm using this feature by providing access-list number for my cisco NAS via Framed-Filter-Id attribute.
I'm not sure about MAX TNT, but if it can parse Framed-Filter-Id in radius reply you can try to solve your problem.

regards.

       
Drew Weaver [[hidden email]] wrote:

>             Hi, with the proliferation of spam on the internet we're
> taking the added step of making our modem banks only accept port 25
> traffic destined for our SMTP servers, is there any way to use radius to
> exclude certain people from this policy, or, alternatively is there any
> way to use radius to enforce this policy altogether? We're using a MAX
> tnt as our modem bank, sorry if this is wholly off-topic.
>
>  
>
> Thanks,
>
> -Drew

--
S.N.O.O.P.: Synthetic Networked Organism Optimized for Peacekeeping

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

RE: Using radius to block port 25 for all users except some?

Stuart Harris
In reply to this post by Drew Weaver
We use ascend modem banks, and simply send the
X-ascend-data-filter attributes:

X-Ascend-Data-Filter += ip in forward tcp
X-Ascend-Data-Filter += ip in forward dstip 72.21.11.0/24
X-Ascend-Data-Filter += ip in drop tcp dstport = 25
X-Ascend-Data-Filter += ip in drop tcp srcport = 80
X-Ascend-Data-Filter += ip in forward 0

It was shamelessly stolen from Qwest ;)
________________________________________
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Drew
Weaver
Sent: 25 May 2005 10:42
To: [hidden email]
Subject: Using radius to block port 25 for all users except some?

??????????? Hi, with the proliferation of spam on the internet we?re taking
the added step of making our modem banks only accept port 25 traffic
destined for our SMTP servers, is there any way to use radius to exclude
certain people from this policy, or, alternatively is there any way to use
radius to enforce this policy altogether? We?re using a MAX tnt as our modem
bank, sorry if this is wholly off-topic.

Thanks,
-Drew




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Using radius to block port 25 for all users except some?

azander
Greetings,
  Anyone have similar for a cisco 5300 series?  Or pointers to where I can get
said info?


William

On Wednesday 25 May 2005 11:22 am, Stuart Harris wrote:

> We use ascend modem banks, and simply send the
> X-ascend-data-filter attributes:
>
> X-Ascend-Data-Filter += ip in forward tcp
> X-Ascend-Data-Filter += ip in forward dstip 72.21.11.0/24
> X-Ascend-Data-Filter += ip in drop tcp dstport = 25
> X-Ascend-Data-Filter += ip in drop tcp srcport = 80
> X-Ascend-Data-Filter += ip in forward 0
>
> It was shamelessly stolen from Qwest ;)
> ________________________________________
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Drew
> Weaver
> Sent: 25 May 2005 10:42
> To: [hidden email]
> Subject: Using radius to block port 25 for all users except some?
>
> ����������� Hi, with the proliferation of spam on the internet
> we�re taking the added step of making our modem banks only accept port 25
> traffic destined for our SMTP servers, is there any way to use radius to
> exclude certain people from this policy, or, alternatively is there any way
> to use radius to enforce this policy altogether? We�re using a MAX tnt as
> our modem bank, sorry if this is wholly off-topic.
>
> Thanks,
> -Drew
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

RE: Using radius to block port 25 for all users except some?

Drew Weaver
In reply to this post by Drew Weaver
I tried entering that into my /usr/local/etc/raddb/users file and it gave me an error about end of line or commas.

Any idea?

-Drew

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Stuart Harris
Sent: Wednesday, May 25, 2005 11:23 AM
To: [hidden email]
Subject: RE: Using radius to block port 25 for all users except some?

We use ascend modem banks, and simply send the
X-ascend-data-filter attributes:

X-Ascend-Data-Filter += ip in forward tcp
X-Ascend-Data-Filter += ip in forward dstip 72.21.11.0/24
X-Ascend-Data-Filter += ip in drop tcp dstport = 25
X-Ascend-Data-Filter += ip in drop tcp srcport = 80
X-Ascend-Data-Filter += ip in forward 0

It was shamelessly stolen from Qwest ;)
________________________________________
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Drew
Weaver
Sent: 25 May 2005 10:42
To: [hidden email]
Subject: Using radius to block port 25 for all users except some?

            Hi, with the proliferation of spam on the internet we're taking
the added step of making our modem banks only accept port 25 traffic
destined for our SMTP servers, is there any way to use radius to exclude
certain people from this policy, or, alternatively is there any way to use
radius to enforce this policy altogether? We're using a MAX tnt as our modem
bank, sorry if this is wholly off-topic.

Thanks,
-Drew




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html