Block outgoing smtp except to an approved relay in iptables

Just like most sysadmins I have to deal with developers who want to zip off a quick email after their application finishes processing. Sounds good, right? Yes it is… but the internet is not a happy place and spam is around every corner. To avoid getting tagged as spam, your systems' email should really be sent via an internal relay. The internal relay should be registered with an MX entry in DNS to get the all-clear from spam appliances and filtering. As such, I want to use iptables to stop outgoing SMTP connections unless they go to my central relay (123.123.123.123):

-A OUTPUT -p tcp -d 123.123.123.123 --dport 25 -m state --state NEW -j ACCEPT

-A OUTPUT -p tcp --dport 25 -m state --state NEW -j DROP

Works great… if you use a local mail program that submits to a daemon listening on the loopback address, you will want to add this line before the DROP rule:

-A OUTPUT -p tcp -d 127.0.0.1 --dport 25 -m state --state NEW -j ACCEPT
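As an added example (not part of the original post), here is a small POSIX shell script that emits the three rules above in the order they must appear, with a rate-limited LOG rule before the final DROP so blocked attempts show up in the kernel log, and applies them idempotently. The relay address is the post's example 123.123.123.123 by default and is assumed to be overridden via the RELAY environment variable.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) the outbound-SMTP egress rules
# from the post in the correct order: loopback first, then the approved relay,
# then log and drop every other new connection to port 25.
# RELAY is a placeholder default taken from the post; override it for real use.
RELAY="${RELAY:-123.123.123.123}"

# Print the rules in iptables-save syntax so they can be reviewed, diffed,
# or fed to iptables-restore. Argument: the relay IP address.
smtp_egress_rules() {
    relay="$1"
    cat <<EOF
-A OUTPUT -p tcp -d 127.0.0.1 --dport 25 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -d ${relay} --dport 25 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp --dport 25 -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix SMTP-EGRESS-BLOCK:
-A OUTPUT -p tcp --dport 25 -m state --state NEW -j DROP
EOF
}

# Number of rules the generator emits (a sanity check before applying).
smtp_egress_rule_count() {
    smtp_egress_rules "$1" | wc -l | tr -d ' '
}

# Apply the rules with the iptables binary (requires root). Each rule is
# checked with -C first so re-running the script does not duplicate rules.
apply_smtp_egress_rules() {
    smtp_egress_rules "$1" | while IFS= read -r rule; do
        # shellcheck disable=SC2086
        set -- $rule          # split the rule line into arguments
        shift                 # drop the leading "-A"
        chain="$1"; shift     # chain name, then the match/target arguments
        iptables -C "$chain" "$@" 2>/dev/null || iptables -A "$chain" "$@"
    done
}

# Only touch the firewall when explicitly asked ("./script.sh apply"), so
# sourcing the file merely defines the functions.
if [ "${1:-}" = "apply" ]; then
    apply_smtp_egress_rules "$RELAY"
fi
```

Blocked attempts appear in the kernel log with the SMTP-EGRESS-BLOCK: prefix, which is a useful signal that some application is trying to bypass the relay.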
