I have an old postfix server that was historically used by the campus as an outbound gateway. The campus is now supposed to use a different server running HAProxy with several backe-end postfix servers. I am using iptables on CentOS 7 to log and block smtp and submission traffic not coming from my front-end HAProxy server (with a few exceptions for testing and monitoring). What I would like to do is log and redirect the connection to the proxy server. How do I do this?
# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Wed May 24 12:22:03 2017
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [134:13069]
:LOGGING - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
…
-A INPUT -s 139.182.75.64/27 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 139.182.111.0/24 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 139.182.249.25/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 139.182.249.254/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 139.182.75.64/27 -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -s 139.182.111.0/24 -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -s 139.182.249.25/32 -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -s 139.182.249.254/32 -p tcp -m tcp --dport 587 -j ACCEPT
…
-A INPUT -j LOGGING
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: "
-A LOGGING -j DROP
COMMIT
# Completed on Wed May 24 12:22:03 2017
--- Chad Cordero Information Technology Consultant Enterprise & Cloud Services Information Technology Services California State University, San Bernardino 5500 University Pkwy San Bernardino, CA 92407-2393 Main Line: 909/537-7677 Direct Line: 909/537-7281 Fax: 909/537-7141 http://support.csusb.edu/
--- Disclaimer: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.