Koozali.org: home of the SME Server

Restrict SMTP delivery to certain IP addresses/Mailservers

fitzrik
« on: February 07, 2008, 06:38:09 PM »
Hello all,

I've searched the forum and wiki but can't find what I'm looking for. Maybe I'm looking in the wrong place.

We have a 7.1.3 server which does its job fine. But we're receiving a lot of spam. I know sme has a built-in spam filter but we have chosen not to use this and are using an external spam filter. However spam is being delivered directly to our sme server bypassing the external filter.

Therefore I want to tell smeserver to only accept email from certain (4) IP addresses. I don't know how or where to do this.

Perhaps someone can help me.

Thanks

Richard
« Last Edit: February 07, 2008, 06:40:08 PM by fitzrik »

Jáder
« Reply #1 on: February 07, 2008, 10:00:00 PM »
I think you should focus on getting your e-mail delivered where you want it to be... not to just receive from 4 IP addresses.

BUT, if you choose that, you should do this on firewall rules. Are you using your SME as server-gateway with internet directly connected to external NIC?
If not, you should block IPs on firewall/gateway/router/???

...

fitzrik
« Reply #2 on: February 07, 2008, 10:52:30 PM »
The four ip addresses are the mailservers of the spam filtering company.

The setup is as follows

internet <--> simple router with port 25 forwarded to sme <--> sme in gateway mode

Our simple router doesn't offer the facility so if sme offers the option I'd prefer to do it on that. If not possible I shall have to buy a new router. Thanks.

R

JonB
« Reply #3 on: February 07, 2008, 11:37:37 PM »
fitzrik,

From console

Code:
config setprop smtpd AllowHosts abc.abc.abc.abc
signal-event email-update

Where abc.abc.abc.abc is the IP address you want to allow. You can add multiple IPs by comma-separating them.

To undo

Code:
config delprop smtpd AllowHosts
signal-event email-update

This will modify the firewall rules to only allow smtp connection from those IP addresses.

Alternatively you can deny smtp connections by

Code:
config setprop smtpd DenyHosts abc.abc.abc.abc
signal-event email-update

Jon
...
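
Because setting AllowHosts denies every other sender on port 25, a mistyped address silently blocks the filtering service's deliveries. The following is an added example, not part of the original post or of SME Server: a pre-flight check that validates plain IPv4 addresses and prints the commands from the reply above for review. The function names are hypothetical and the addresses are constructed documentation-range values.

```shell
#!/bin/sh
# Added example: validate relay IPs before building the AllowHosts value.
# Assumption: only plain dotted-quad IPv4 addresses are used, as in the post.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the comma-separated AllowHosts value for the given addresses,
# or fail with no value if any address is malformed or repeated.
allowhosts_value() {
    value=
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
        case ",$value," in
            *",$ip,"*) echo "duplicate address: $ip" >&2; return 1 ;;
        esac
        value=${value:+$value,}$ip
    done
    [ -n "$value" ] || { echo "no addresses given" >&2; return 1; }
    printf '%s\n' "$value"
}

# Print (do not run) the two commands from the reply, for review.
allowhosts_commands() {
    value=$(allowhosts_value "$@") || return 1
    printf 'config setprop smtpd AllowHosts %s\n' "$value"
    printf 'signal-event email-update\n'
}

# Constructed sample: four relay addresses from RFC 5737 documentation ranges.
allowhosts_commands 192.0.2.10 192.0.2.11 198.51.100.7 198.51.100.8
```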

fitzrik
« Reply #4 on: February 08, 2008, 12:42:23 AM »
JonB, thanks for your reply. That looks like exactly what I'm looking for.

Just to confirm, by adding the allowhosts (file, variable, array??) it will automatically deny all others??

Thanks again

Richard

JonB
« Reply #5 on: February 08, 2008, 12:51:03 AM »
Yes, it will only allow those hosts and deny all others.

Jon
...

fitzrik
« Reply #6 on: February 15, 2008, 06:32:48 PM »
Thanks Jon, that works a treat.

Could I also allow authenticated users to send email through the server no matter what ip address they're coming from?

mmccarn
« Reply #7 on: February 15, 2008, 11:05:49 PM »
Have your remote users use smtps on port 465. This will not be blocked by the 'HostsAllow' setting on port 25, and will require authentication.

fitzrik
« Reply #8 on: February 24, 2008, 11:38:43 PM »
Thanks M.

raem
« Reply #9 on: February 25, 2008, 12:25:51 AM »
fitzrik

On a similar subject, here's how to allow (force) authenticated connections only, and not allow unauthenticated connections.

http://wiki.contribs.org/Email#How_do_I_enable_smtp_authentication_for_users_on_the_internal_network.

See the two sections titled:

How do I enable smtp authentication for users on the internal network.
and
How do I disable SMTP relay for unauthenticated LAN clients
« Last Edit: February 25, 2008, 12:29:19 AM by RayMitchell »
...