Topic: Source-based SMTP host rejection

[robertcole]

I am attempting to configure our SME sever (6.0.1) to disallow any incoming SMTP traffic except from 64.18.0.0/20.  We set our server up with pre-filtering through another company, and all of the traffic will be directed through their servers and then to ours from that netblock.  I want any traffic that comes in from SMTP hosts that are not from this netblock to be rejected or rather, just dropped.

Is there a way to do this easily?

[kruhm]

good question. I wish I could answer it. This would also be helpful for spam rejection.

I put a packet sniffer on my network to find where the smtp connections are coming from. Most are forgein unsecured sites (no big suprise, right). With my new found list, i would like to block the ip addresses/ranges from even connecting. kinda like a rbl by ip address.

[robertcole]

I found a way to fanangle tcpwrapper into doing it for you.  I'm heading to bed now, but I'll write it up tomorrow.  Note, this does not solve my solution, because I am essentially needing to block ALL incoming traffic, but not incoming traffic with intent to send (like from my users, using it as their SMTP relay).  Essentially, you edit the tcp.smtp tcpwrapper file, put in the ip (or range) you want blocked, then put a colon and deny, like this:

123.123.123.123:deny

then rebuild the tcp.smtp.cbd file.

Pretty easy, but I'll make it more descriptive tomorrow.

[kruhm]

has anybody ever implemented a known-list like: http://web.greens.org/etc/r.txt or a similar list into their tcprules?

If I put this in a customized template in /etc/e-smith/templates-custom/etc/tcprules/tcp.smtp/ does it matter what I name the file? (for example, 40noacceptcustomized)

Do you rebuild the tcp.smtp.cbd file with a:  /sbin/e-smith/signal-event email-update?