i'm connecting to a vpn server using a method outlined here [1]. that
part works great: i can connect to the remote server and tunnel a
secure connection through an insecure wireless link. but i've found
that my smtp server no longer works, because my ISP thinks that i'm
trying to send mail from behind an unknown IP address ( the vpn server
). now, i happen to have an smtp server running on the same
machine as the vpn daemon, and it's configured to accept smtp requests
from the loopback interface. so, i'd like to be able to selectively
route smtp requests from ppp
clients to the smtp daemon that's running on the *same* host ( i know,
i know, from a security standpoint this is a bad idea, but i'm just
testing and i don't want to have a special dedicated box just for mail
quite yet ). the idea would be to make ppp client smtp requests look
like they are coming from the loopback interface on the host ( i.e.
ppp clients don't have to reconfigure their smtp settings when they
are vpn'd: if it's a port 25 packet, send it to loopback,
regardless of its original destination ), which i
have configured as a valid network for sending mail ( using postfix ).
i thought something like the following would work:
# accept anything arriving on the loopback interface
/sbin/iptables -t filter -A INPUT -i lo -j ACCEPT
# accept new smtp connections arriving from any ppp client
/sbin/iptables -t filter -A INPUT -i ppp+ -p tcp --dport 25 -m state \
    --state NEW -j ACCEPT
# rewrite the destination of ppp clients' port 25 traffic to the local smtp daemon
/sbin/iptables -t nat -A PREROUTING -i ppp+ -s 192.168.1.0/24 -p tcp \
    --dport 25 -j DNAT --to-destination 127.0.0.1:25
but it's apparently not even close, because smtp requests that are
directed to other smtp hosts don't get routed to the local smtp server
( no evidence of it in the mail server logs ), and if i go as far as to
change my ppp clients' mailer smtp server settings to send via
the smtp server that's colocated on the same machine as the vpn
server, it fails as well. in this case, the mail logs indicate that
the smtp server thinks that the smtp requests are coming from the wan
IP address of the connected ppp clients, which is not configured as a
valid host. clients are nomadic, so it's impossible to know ahead of
time what IP addresses they will be coming from; i'd rather not
configure an open relay by configuring it to accept requests from
large blocks of IP addresses, so i'd rather *assume* that vpn
connections are *trusted* ( big assumption, i know ) and make it look
like their requests are coming from localhost.
that's all a long-winded way of getting at the actual question of what
iptables magic is required to selectively route smtp requests from
ppp
clients to the smtp daemon that's running on the *same* host,
regardless of their original destination.
so while i get out the packet sniffer and brush up on my iptables
rules, i'll throw this out for any iptables guru that wants to make an
easy 50 bucks.
[1] http://answers.google.com/answers/threadview?id=428936#a
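One way to do what the post asks, added here as an example and not part of the original post or the poster's rules: a small POSIX shell script that builds the two iptables rules and the matching postfix settings. The ppp-side address 10.8.0.1 and the client pool 10.8.0.0/24 are assumptions, not values from the post. It uses the REDIRECT target rather than DNAT to 127.0.0.1, because the kernel will not deliver a packet whose destination has been rewritten to loopback from a non-loopback interface unless net.ipv4.conf.<if>.route_localnet is enabled, and it prints the commands instead of executing them unless APPLY=1 is set, so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not the poster's rules: redirect SMTP from VPN (ppp) clients to
# the SMTP daemon on the VPN host itself, whatever server the client dialed.
# Assumed (not in the post): the VPN host's ppp-side address is 10.8.0.1 and
# clients are handed addresses from 10.8.0.0/24.

VPN_IF='ppp+'           # iptables wildcard matching every ppp interface
VPN_NET='10.8.0.0/24'   # assumed address pool given to ppp clients
SMTP_PORT=25

# Print each command instead of executing it unless APPLY=1, so the script can
# be reviewed (and run unprivileged) before it touches the live firewall.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

smtp_redirect_rules() {
    # 1. filter table: let ppp clients open connections to the local port 25.
    run iptables -t filter -A INPUT -i "$VPN_IF" -s "$VPN_NET" -p tcp \
        --dport "$SMTP_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # 2. nat table: REDIRECT rewrites the destination of a port-25 SYN to the
    #    address of the interface it arrived on (10.8.0.1 here), so the
    #    connection is delivered locally no matter which SMTP host was dialed.
    #    REDIRECT is used instead of DNAT to 127.0.0.1 because the kernel drops
    #    packets rewritten to loopback from a non-loopback interface unless
    #    net.ipv4.conf.<if>.route_localnet is turned on.
    run iptables -t nat -A PREROUTING -i "$VPN_IF" -s "$VPN_NET" -p tcp \
        --dport "$SMTP_PORT" -j REDIRECT --to-ports "$SMTP_PORT"
}

# REDIRECT changes only the destination; postfix still sees the client's ppp
# address as the source. So instead of making it "look like localhost", list
# the VPN pool (and nothing wider) as a trusted network, and make postfix
# listen on the ppp-side address as well as loopback.
postfix_main_cf_lines() {
    printf 'inet_interfaces = 127.0.0.1, 10.8.0.1\n'
    printf 'mynetworks = 127.0.0.0/8, %s\n' "$VPN_NET"
}

smtp_redirect_rules
postfix_main_cf_lines
```

Run it as-is to review the generated commands, then `APPLY=1 sh redirect-smtp.sh` as root to load them. Two caveats: postfix only binds the addresses in inet_interfaces that exist when it starts, so if the ppp-side address is not present at boot, `inet_interfaces = all` is the practical alternative, with relaying still governed solely by mynetworks; and the trust is deliberately limited to the VPN pool, so the relay is never opened to the WAN addresses the nomadic clients roam from.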