Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 2157 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Incoming SMTP lockdown to specific IPs

woderwald
I wish to restrict incoming SMTP traffic to a range of (external) IP addresses.  I would have thought this was easy, but I am seriously lost.  Is this proxy config? Packet filtering? Something else?


This thread was automatically locked due to age.
Parents
  • 0
    You cannot handle this requirement neither by using packet filter rules nor by using SMTP configuration settings. When astaro proxies are enabled, the associated ports are automatically allowed by the system, even if you try to restrict it by using packet filtering. Also, in SMTP proxy settings, there are no rules related to your requirement.

    In case you are not using a front-end / back-end firewall scenario I don't see an easy way to achieve this.
  • 0 in reply to lkar
    Woderwald, are you using the SMTP proxy?

    If not, I'd think that DNAT for only the allowed addresses would work.

    Barry
Reply Children
  • 0 in reply to BarryG
    Hi BarryG,
    If I understand what you are saying is that a DNAT rule will override the proxy only working through the default gateway? My understanding was that the proxies don't require NAT rules of any sort.

    Ian M[:)]
  • 0 in reply to RFCat_vk_01
    I'm saying if you don't use the SMTP proxy (DISABLE IT), I believe you can DNAT the SMTP traffic.

    I'm not saying the proxies need NAT/DNAT, but it sounded like DNAT and PF might work for Woderwald.

    FWIW, In my case, I'm not using the proxy, and allowing incoming SMTP, but without NAT.

    Barry
Cookie Information Banner