I tried a search but could not find exactly what I am looking for. There is a site that is constantly sending e-mail to my GroupWise e-mail server at a clients site. I am using a Mandake box using iptables to handle the firewall.

Let's say the domain sending the e-mail is bademaildomain.com
I do not know the addy for the smtp relay so I want to block the whole domain. (Unless there is a way to find this?) Either way I would like to know how to block an entire domain.
I also get confused with OUTPUT and INPUT. At this point I could care less if people wanted to browse their web page etc, so outgoing requests originating inside my firewall should have access to the domain. I am using stateful packet inspection, will this allow it back in? If not I don't mind blocking it in both directions.

Would this work?

iptables -A OUTPUT -i $INTERNET -s bademaildomain.com -j DROP

$INTERNET is my port going out to the Internet.

Thanks,

Zych

I guess I need to do another update. Since I am using DNAT I would think it would need to be changed to this:

iptables -A FORWARD -i $INTERNET -s bademaildomain.com -j DROP

I take it that INPUT and OUTPUT are only used if the box running the firewall (my Mandrake Linux box in this case.) is the destination or origin of the packet, correct?

From what I understand if any type of mangling or NAT is used, then the rule needs to apply to the FORWARD rule base, correct?

Thanks,

Zych

If you want to block spam from spammer@banemail.com then you need a mail filter - from filed can be easily spoofed so it's meaningless. If you want to block spam incoming form banemail.com, which happens to be open relay then iptables will do.