This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMTP Proxy port 25 open at whole network

Version 7.3.05
Smpt proxy server is running in standard mode, this will open port 25 for ok,
but i don't want to listen all WAN addresses to port 25.

Is there a way to lock down port 25 from outside and open it to 1 address only.
Same issue with standard port 443 for ssl-vpn.

I would appreciate a tipp!

This thread was automatically locked due to age.

Parents

0 Keith_M over 16 years ago

I think if you forward port 25 (DNAT)on the other ips to a fake destination you could get do want you want.
Cancel
Vote Up 0 Vote Down

Cancel
0 shadowfly over 16 years ago in reply to Keith_M

good idea, thanks a lot
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 shadowfly over 16 years ago in reply to Keith_M

good idea, thanks a lot
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BAlfson over 16 years ago in reply to shadowfly

A null-route is a good idea, Keith, but I wonder if Shadowfly should be asking a diffferent question.
If you exclusively get inbound mail forwarded by upstream hosts, it is recommended to check the Upstream/Relay hosts only checkbox. This will limit access to SMTP to upstream and relay hosts (including authenticated relays).

In 'Mail Security >> SMTP' on the 'Relaying' tab, enter into the 'Upstream hosts/networks' the one host with the IP that you want to allow and check the box for 'Allow upstream/relay hosts only'. All outside attempts to access port 25 from other IPs will be blocked.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel