Topic: Accepting port 110 traffic from only one ip

[mikeyr]

We have an SME server behind a Barracuda Spam firewall. Spammers hit both the spam blocker and the SME server (which has a FQDN ) at the same time with spam. The Barracuda catches the spam but the SME with Spamassassin running does not. The question is: Can the SME server be set to only listen for port 110 traffic from a specific IP address? If so then I could set the SME box to only accept port 110(inbound) mail from the Barracuda.
Thanks in advance, Mike

[mikeyr]

My bad, I should have said I was wanting port 110 traffic to only come from one IP address. I have no need for mail to come from any where except the Barracuda box.

[Stefano]

hi

welcome here..

I'm sorry but.. you are saying you need SME's port 110 to accept traffic from a single ip?

as far as I understand from your first post, you have both barracuda and SME listening on wan on port 25.. isn't it?

please, clarify your setup and what you wish to achieve.

meanwhile, please take the time to read carefully the documentation.

Finally, in the future, please use the "search" link above before posting.. 99% of your question have been already answered

Ciao
Stefano

[Knuddi]

No most common setup would be to have the MX record point to the IP address of the Barracuda box which will filter and then forward all clean emails to the SME server on standard port 25. This way the SME server should/will only see filtered emails.

I use the SME server as spamfilter infront of an Exchange server and it catches close to all spam and marks all the rest perfectly (moved to "Exchange Junk E-mail folder")

[mikeyr]

We have a Barracuda box that is for monitoring spam on the inbound mail to our server. The server has a FQDN(mail.xxx.com) and therefore is also visable to the outside world as does the Barracuda(xxx.com).  Mail being sent to mail.xxx.com goes directly to the SME server and if it is spam is not being detected as such and is being delivered to the customer.  The same mail is also being sent to xxx.com which is going to the Barracuda and is being blocked. I would like to set the SME server to accept inbound mail ONLY from the IP address of the Barracuda and disregard anything to mail.xxx.com. I did do numerous searches but did not find any answers to my specific question. Thank you.

[Stefano]

hi

as knuddi suggests, point your mx to barracuda.

anyway, could you please post the result of

Code: [Select]

config show spamassassin
config show qpsmtpd | grep disabled

thank you
Stefano

[mikeyr]

The mx record is pointing to xxx.com. There is NO mx for mail.xxx.com. However, there is a FQDN for mail.xxx.com.

# config show spamassassin
spamassassin=service
    BayesAutoLearnThresholdNonspam=0.10
    BayesAutoLearnThresholdSpam=4.00
    DNSAvailable=yes
    MessageRetentionTime=1
    OkLanguages=all
    OkLocales=all
    RejectLevel=10
    ReportSafe=0
    Sensitivity=custom
    SkipRBLChecks=0
    SortSpam=enabled
    Subject=[SPAM]
    SubjectTag=enabled
    TagLevel=4
    UseBayes=1
    status=enabled

config show qsmtpd | grep disabled
has nothing in it.

[the-heck]

1. Why do you need to have SME open from outside when you have the barracuda?
2. Is a manual IPTables filter ok for a solution?
3. mail.xxx.com <-- no MX record?  how to receive mail?

barracuda<-->sme<-->lan
or
sme<-->barracuda<-->lan

Which one do you want to implement?

[CharlieBrady]

The question is: Can the SME server be set to only listen for port 110 traffic from a specific IP address? If so then I could set the SME box to only accept port 110(inbound) mail from the Barracuda.

Port 110 is used for clients connecting to collect mail from mailboxes using the POP protocol. You can learn what protocol uses port 110 by running this command 'grep 110 /etc/services'.

[the-heck]

yes... port 25 is the one that he really needs.

[mikeyr]

Looking for Barracuda<--->sme<--->lan
Yes, an iptable entry might work.
Spammers are sending mail directly to the mail.xxx.com address and it just so happens to be the same box as xxx.com, therefore mail servers are running.

[mmccarn]

Just create a firewall rule on your firewall that prohibits inbound traffic on port 25 from reaching your SME server.

[mikeyr]

Blocking inbound port 25 traffic totally will also block the inbound traffic from the Barracuda won't it? I just want the sme server to listen for inbound mail from the Barracuda.

[Stefano]

mikeyr

you can't have 2 servers listening on 25 at the same time with the same address.. so block inbount traffic directed to port 25 on SME wan IP

Ciao
Stefano

[Knuddi]

Even though I do not understand why you do not fix this via DNS settings you can alter your iptables to only accept SMTP connection from your barracuda box. Now you have an entry on your SME server that states (seen with iptables --list):

target     prot opt source               destination
ACCEPT   tcp  --  anywhere            smeserver.domain tcp dpt:smtp

You need to alter the "source" from "anywhere" to be the IP address of your Barracuda box. I am not sure how to do this cleanly in SME but I am sure someone else know.