This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Drop SMTP Port 25 on one Interface

Hi,
i have an enabled smtp proxy, so on every interface port 25/smtp is open.

How it is possible to block smtp proxy on one interface?
Due to smtp/proxy ruleset is put in auto_ruleset, a packet filter rule on my own will be put into user_ruleset, but auto_rulset allow matches before my user_rulset deny.

I want all ports on that interface filtered, cause this Interface is only used for VPN traffic, and nothin else.

This thread was automatically locked due to age.

Parents

0 dayne1432 over 20 years ago

This may work. In your packet filters put a rule that states from any source to destination of that network drop SMTP.
Cancel
Vote Up 0 Vote Down

Cancel
0 maygyver over 20 years ago in reply to dayne1432

will not work, cause user filter rule is never been reached, ause auto filter rule is first.

Astaro user since 2001 - Astaro/Sophos Partner since 2008
Cancel
Vote Up 0 Vote Down

Cancel
0 thtran over 20 years ago in reply to maygyver

Hi!

You will have to use some NAT rules. Redirect traffic to non-VPN-ports on that interface to one of the other interfaces or to 192.168.1.1 or something ...

I'm using DNAT to block SMTP-traffic from some big ISPs to block malware-SMTP from infected PCs.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 thtran over 20 years ago in reply to maygyver

Hi!

You will have to use some NAT rules. Redirect traffic to non-VPN-ports on that interface to one of the other interfaces or to 192.168.1.1 or something ...

I'm using DNAT to block SMTP-traffic from some big ISPs to block malware-SMTP from infected PCs.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data