Topic: Block Port 25 From internet not intranet

[ctv_99]

i have sme 6.0.1 contribs edition

i dont want the web too see the smtp server just my clients inside the network?


any help is greatly apreciated

[raem]

ctv_99

One way to achieve the desired effect would be to install the dungog mailblocking contrib and create  a mail rule(s) that only accepts internal email from internal sources.

[ctv_99]

do you have a link to the contrib

[MSmith]

If I'm understanding the OP correctly, what he wants is to not be an open relay -- correct?  If that's what he's asking, then it's already built into SME.  No one outside can *use* the SME SMTP server in 6.01 without the SSMTP contrib.  So no action is required, I think.

[comet]

either that or he wants to turn his mail server off.  

[CharlieBrady]

ctv_99

One way to achieve the desired effect would be to install the dungog mailblocking contrib and create  a mail rule(s) that only accepts internal email from internal sources.

That would be a complicated way to do it. Far easier to do:

/sbin/e-smith/config setprop smtpfront-qmail access private
/sbin/e-smith/config email-update

[jmvelez]

The fetchmail contribution will do what you what.

[CharlieBrady]

The fetchmail contribution will do what you what.

The fetchmail contrib won't do anything to port 25.

[jmvelez]

sorry your are right the fetch mail will only block Stations on internal LAN can access to externals POP and IMAP servers.  The email blocking contrib will restrict to only local and which domain in case you have more than one domain in the server.  It has a server-manager panel and is easy to use.  It can be found at dungog area here.

[CharlieBrady]

The email blocking contrib will restrict to only local and which domain in case you have more than one domain in the server.

The email blocking contrib will not block port 25 from the Internet, which is what was requested. The instructions I've given will do that, and don't require any extra packages to be installed.

[basso]

To turn this around a bit -- what's a good recipe for limiting access to port 25 to a single (local) IP?

Only my MX should be delivering to the SME box -- certainly not the filthy laptop a traveling user attached to my network today

(I've just inherited admin on this box and I'm learning that the SME way is a bit ... different.

Thanks for hints!

b.

[CharlieBrady]

To turn this around a bit -- what's a good recipe for limiting access to port 25 to a single (local) IP?

The firewall in SME currently does no blocking of any traffic from the local network(s).