Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Alan Stevens on August 07, 2003, 10:21:03 PM
-
Hello Gurus,
I pass mail through an ISP's mail system (not our ISP) for virus scanning and spam filtering before having it delivered to our E-Smith (oops, I mean SME Server). How can I best limit SMTP connections to the subnet, or domain of the ISP?
Alan--
-
Basically, you only want incoming SMTP connections to be allowed by only your ISP's server, and no other SMTP server?
To do this, I would issue the following ipchains rule:
ipchains -A input -p tcp --dport 25 --source ! AAA.BBB.CCC.DDD/XX -j DENY -i ethX
Where AAA.BBB.CCC.DDD is the IP address and/or network number of the ISP's SMTP server and /XX is the CIDR notation of that respective subnet/host.
The exclamation mark denotes "deny all BUT AAA.BBB.CCC.DDD/XX" as is necessary.
-p tcp --dport 25 denotes protocol TCP, destination port 25 (SMTP)
ethX is the outward facing ethernet device, possibly eth0 or eth1.
Some common CIDR notation for subnet masks:
255.255.255.255 = /32
255.255.255.0 = /24
255.255.0.0 = /16
255.0.0.0 = /8
Hope this helped,
Nathan
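Added example, not part of the original posts: a POSIX sh sketch that fills in the /XX of the rule above from a dotted netmask (rejecting non-contiguous masks) and reports how the "!" match treats a given source address. The function names are hypothetical and the addresses are constructed from documentation ranges; the script only prints the rule and never calls ipchains.

```sh
#!/bin/sh
# Added illustration, not from the thread. Addresses used with it are
# constructed (RFC 5737 documentation ranges); nothing here runs ipchains.

# ip_to_int A.B.C.D -> 32-bit integer on stdout; non-zero exit on bad input
ip_to_int() (
    case "$1" in ""|*[!0-9.]*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in ""|0?*|????*) exit 1 ;; esac   # empty, leading zero, too long
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# mask_to_prefix 255.255.255.0 -> 24; fails on a non-contiguous mask
mask_to_prefix() (
    m=$(ip_to_int "$1") || exit 1
    n=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do      # count leading 1-bits
        m=$(( (m << 1) & 0xFFFFFFFF ))
        n=$(( n + 1 ))
    done
    [ "$m" -eq 0 ] || exit 1                        # a 1-bit after a 0-bit
    echo "$n"
)

# smtp_rule NET DOTTED_MASK IFACE -> the thread's rule with /XX filled in
smtp_rule() (
    p=$(mask_to_prefix "$2") || exit 1
    ip_to_int "$1" >/dev/null || exit 1
    echo "ipchains -A input -p tcp --dport 25 --source ! $1/$p -j DENY -i $3"
)

# smtp_verdict SRC NET DOTTED_MASK -> DENY if the rule matches SRC, else pass
smtp_verdict() (
    p=$(mask_to_prefix "$3") && s=$(ip_to_int "$1") && n=$(ip_to_int "$2") || exit 2
    mask=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
    if [ $(( s & mask )) -eq $(( n & mask )) ]; then
        echo "pass"     # inside the ISP range: the rule does not match
    else
        echo "DENY"     # any other source: "!" makes the rule match
    fi
)
```

For example, `smtp_rule 203.0.113.0 255.255.255.0 eth0` prints the rule with /24, and `smtp_verdict 198.51.100.7 203.0.113.0 255.255.255.0` prints DENY.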
-
Thanks Nathan,
That probably is what I am looking for. I didn't know if there was a way to have the smtp service refuse unwanted connections, but blocking at the firewall has the same effect.
How can I make this rule survive a reboot? Is there a specific template, or config file that I need to record it in, or does entering it at the CLI make it persistent?
What about /etc/e-smith/templates/etc/rc.d/init.d/masq/45AllowSMTP? Is there a way to add this rule to a custom template of this file?
Thanks again,
Alan--
-
I'm not sure about editing the fragment you specified; I run an older version of SME. However, if you appended it to the bottom of /etc/rc.d/rc.local, it would survive a reboot. I'm not sure if rc.local is templated; you could check it out to see if it is and create a custom fragment. If it's not templated, then just append it to the bottom.
Hope this helped,
Nathan