So I put a quick hack into the /usr/mailcleaner/bin/dump_firewall.sh script to get around my ISP's stupid firewall requiring me to use their relay server for any outbound mail.. This will redirect anything MC tries to deliver directly (but not to your normal delivery host), to a relay server of your choice. Useful if you keep logs of every piece of mail originating from your organization or users, or your ISP won't allow direct connections...
If you have multiple NICs you can customize it easily enough. Also, if you have multiple domains, with different destination IP addresses, you can add as many as you need.. I have two rules for one server because I'm using two NICs for fault tolerance..
Stick these near the top where variables are declared. You can use hostname or IP address.
Code:
my $MC_IP1 = "188.8.131.52"; # Your MailCleaner source interface IP address
my $MC_IP2 = "184.108.40.206"; # Your MailCleaner source interface IP address
my $mtaIP = "220.127.116.11"; # Your MTA IP address MC normally forwards to for the domain
my $relayMTA = "18.104.22.168"; # IP of the relay server you want to redirect MC's mail deliveries to, might be the same as mtaIP
my $relayPort = "25"; # Port..
Put this in the do_start_script sub.. I inserted it after: print START "# local interface\n";
Code:
print START "\n# Hack to redirect relayed mail to my MTA instead of MC trying to deliver directly.\n";
print START $iptables." -t nat -A OUTPUT -p tcp -s ".$MC_IP1." -d! ".$mtaIP." --dport 25 -j DNAT --to-destination ".$relayMTA.":".$relayPort."\n";
print START $iptables." -t nat -A OUTPUT -p tcp -s ".$MC_IP2." -d! ".$mtaIP." --dport 25 -j DNAT --to-destination ".$relayMTA.":".$relayPort."\n";
Then restart MailCleaner (I don't know if just starting the firewall is enough.. didn't try).
I'm trying to incorporate that into MC's administration section, but I have to re-learn lots of coding.. it's been years... Would be a great feature addition to MC
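Added example, not part of the original post: the same redirect generalized to several source interfaces and several normal delivery hosts. With more than one delivery host, one `-d! $mtaIP` rule per host would still redirect mail addressed to the other hosts, so this sketch emits an ACCEPT exemption per host first and a single catch-all DNAT after them. The function names are hypothetical, the addresses are constructed documentation values, only IPv4 literals are accepted, and the script prints the commands without applying them.

```shell
#!/bin/sh
# Added example: prints iptables commands, it does not apply them.
# All addresses used here are constructed documentation values (RFC 5737).

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_relay_rules RELAY PORT "SRC ..." "EXEMPT_MTA ..."
# Prints nat/OUTPUT rules that send port-25 traffic from each SRC to
# RELAY:PORT, except traffic addressed to one of the EXEMPT_MTA hosts.
emit_relay_rules() {
    relay=$1 port=$2 sources=$3 exempt=$4
    for addr in $relay $sources $exempt; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    for src in $sources; do
        # Exemptions first: ACCEPT in the nat table ends traversal for the
        # connection untranslated, so normal deliveries still go direct.
        for mta in $exempt; do
            echo "iptables -t nat -A OUTPUT -p tcp -s $src -d $mta --dport 25 -j ACCEPT"
        done
        # Catch-all: any other port-25 connection from this source is relayed.
        echo "iptables -t nat -A OUTPUT -p tcp -s $src --dport 25 -j DNAT --to-destination $relay:$port"
    done
}

# Constructed demo: two source NICs, two delivery hosts, one relay.
emit_relay_rules 203.0.113.25 25 "192.0.2.10 192.0.2.11" "198.51.100.5 198.51.100.6"
```

Rule order matters here: the exemptions only work because they are appended before the catch-all DNAT for the same source address.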