Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: ctv_99 on October 13, 2005, 12:02:12 AM

Title: Block Port 25 From internet not intranet
Post by: ctv_99 on October 13, 2005, 12:02:12 AM

i have sme 6.0.1 contribs edition

i dont want the web too see the smtp server just my clients inside the network?


any help is greatly apreciated

Title: Re: Block Port 25 From internet not intranet
Post by: raem on October 13, 2005, 04:58:53 AM

ctv_99

One way to achieve the desired effect would be to install the dungog mailblocking contrib and create  a mail rule(s) that only accepts internal email from internal sources.

Title: Block Port 25 From internet not intranet
Post by: ctv_99 on October 13, 2005, 06:51:18 PM

do you have a link to the contrib

Title: Block Port 25 From internet not intranet
Post by: MSmith on October 13, 2005, 09:02:03 PM

If I'm understanding the OP correctly, what he wants is to not be an open relay -- correct?  If that's what he's asking, then it's already built into SME.  No one outside can *use* the SME SMTP server in 6.01 without the SSMTP contrib.  So no action is required, I think.

Title: Block Port 25 From internet not intranet
Post by: comet on October 13, 2005, 09:46:01 PM

either that or he wants to turn his mail server off.  ;-)

Title: Re: Block Port 25 From internet not intranet
Post by: CharlieBrady on October 13, 2005, 10:29:50 PM

Quote from: "RayMitchell"

ctv_99

One way to achieve the desired effect would be to install the dungog mailblocking contrib and create  a mail rule(s) that only accepts internal email from internal sources.

That would be a complicated way to do it. Far easier to do:

/sbin/e-smith/config setprop smtpfront-qmail access private
/sbin/e-smith/config email-update

:-)

Title: fetch mail
Post by: jmvelez on October 20, 2005, 11:49:19 PM

The fetchmail contribution will do what you what.

Title: Re: fetch mail
Post by: CharlieBrady on October 21, 2005, 02:41:26 AM

Quote from: "jmvelez"

The fetchmail contribution will do what you what.

The fetchmail contrib won't do anything to port 25.

Title: wrong contribution.
Post by: jmvelez on October 21, 2005, 04:56:19 PM

sorry your are right the fetch mail will only block Stations on internal LAN can access to externals POP and IMAP servers.  The email blocking contrib will restrict to only local and which domain in case you have more than one domain in the server.  It has a server-manager panel and is easy to use.  It can be found at dungog area here.

Title: Re: wrong contribution.
Post by: CharlieBrady on October 21, 2005, 08:14:46 PM

Quote from: "jmvelez"

The email blocking contrib will restrict to only local and which domain in case you have more than one domain in the server.

The email blocking contrib will not block port 25 from the Internet, which is what was requested. The instructions I've given will do that, and don't require any extra packages to be installed.

Title: Block Port 25 From internet not intranet
Post by: basso on November 23, 2005, 01:22:26 AM

To turn this around a bit -- what's a good recipe for limiting access to port 25 to a single (local) IP?

Only my MX should be delivering to the SME box -- certainly not the filthy laptop a traveling user attached to my network today :(

(I've just inherited admin on this box and I'm learning that the SME way is a bit ... different.

Thanks for hints!

b.

Title: Block Port 25 From internet not intranet
Post by: CharlieBrady on November 23, 2005, 01:56:16 AM

Quote from: "basso"

To turn this around a bit -- what's a good recipe for limiting access to port 25 to a single (local) IP?

The firewall in SME currently does no blocking of any traffic from the local network(s).