Squid. Pop3/SMTP. Firewalld based Linux.

Imagine that you have installed Squid on firewalld based system.
First interface (eth0) connected into internal network and second (eth1) to internet.
To allow client browsing you can use http_access, but if you want to enable client to use for example pop3 or smtp (which squid is not support) the only way is sNAT.

I can find how to enable NAT for all ports (Masquerading, snat) and how to nat port with iptables, but cannot find how to limit it by ports trough firewalld.
Most of Linux admins advice to downgrade to iptables. Here is how to do that with firewalld:

Relay Postfix emails to MS Exchange. SpamAssassin,Postfix,Exchange Step-by-Step. Part 2.

In previous article we’ve installed spamassassin and pair it with Postfix.
It’s time to relay all external filtered emails to our exchange.

From now your Postfix should relay all filtered by spamassassin emails to Microsoft Exchange, you can stop here or you can enable Postfix as Smart Host in Exchange send connector, relay for exchange already configured above.

About Open Source Antispam: SpamAssassin,Postfix,Exchange Step-by-Step. Part 1.

Here is a quick start guide for SpamAssassin that works in pair with PostFix MTA in front and MS Exchange in back end.
We’ll also configure Statistic Analyzer for SpamAssassin and pair Postfix with Microsoft Exchange in next Parts.
This guide has been tested by non-Linux user by copy-pasting this config.
I’ve added description for each command and config file to make article more clear. All comments starts with ‘#’ symbol.

In my lab smtp1.digitalbears.net server will be used as SpamAssassin and Postfix server, cas-n01.digitalbears.net will be act as MS exchange backend. CentOS 7 x64 installed with minimall installation on smtp1.

Past following content:

Execute from smtp1 terminal:

Past following content:

Execute from smtp1 terminal:

Past following content:

From smtp1 terminal:

Now our SA configured and running.

Lets config our Postfix, we should redirect all coming to Postfix emails to SA.
Execute from smtp1 terminal:

Past following content:

Execute from smtp1 terminal:

From now you should be able to connect using telnet to our postfix&spamassassin server via 25 port and check wheather our antispam checks work or not:
Run from any server except smtp1

smtp1 is our antispam server. email queued for delivery, lets check root@smtp1 mailbox:

Execute from smtp1 terminal:

I’ve specify required_hits to 3 and add my network to trusted for testing purpose , as you can see message subject now is [SPAM], we also get a positive point from trusted ip LIST (-1 , more negative is better). Final score for email is 4.5 which is greater than 3, therefore message marked as spam.

SA Log File /usr/local/spamassassin/spamd.log
Postfix Log File /var/log/messages

In the next Part We’ll pair Postfix with MS Exchange.

Used Articles:
https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
https://wiki.apache.org/spamassassin/ImproveAccuracy