Hi,
I make use of the ASG SMTP proxy, but due to ISP restrictions I have SMTP coming in on port 2525 via the DynDNS MailHop Forwarding service. What I'd like to do is to continue with this setup, but disallow any inbound port 25 traffic, since any SMTP coming in on port 25 is typically spam. I'm having trouble figuring out how to do this, however. Right now I have DNAT set up so "SMTP Alternate" (defined as port 2525) from any source and with a destination of the external ASG interface translates to regular SMTP also destined for the external interface. This seems to work well in translating the inbound 2525 traffic to port 25 so that the SMTP proxy picks it up correctly.
What I cannot figure out is how to drop all inbound port 25 traffic. I've set up a packet filter rule with priority #1 to drop all port 25 traffic from the "Internet" network, but this seems to have no effect (presumably due to the sequencing of the packet filter and DNAT - I think DNAT happens after the packet filter). How can I drop port 25 traffic? SNAT would, I believe, happen prior to the packet filter, but in that case I assume all my inbound traffic (including traffic that was originally on port 2525) would look like port 25 traffic, which of course I want to block.
I'm probably missing something obvious here - any help much appreciated. What would be really nice is if the ASG SMTP proxy supported an option to run on a different port.
Thanks,
Martin.