Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: fitzrik on February 07, 2008, 06:38:09 PM
-
Hello all,
I´ve searched the forum and wiki but can´t find what I´m looking for. Maybe I´m looking in the wrong place.
We have a 7.1.3 server which does its job fine. But we´re receiving a lot of spam. I know sme has a built in spam filter but we have chosen not to use this and are using an external spam filter. However spam is being delivered directly to our sme server bypassing the external filter.
Therefore i want to tell smeserver to only accept email from certain (4) IP addresses. I don´t know how or where to do this.
Perhaps someone can help me.
Thanks
Richard
-
I think you should focus on get your e-mail delivered where you wanna to be... not to just receive from 4 IP addressess.
BUT, if you choose that, you should do this on firewall rules. Are you using your SME as server-gateway with internet directly connected to external NIC ?
If not, you should block IPs on firewall/gateway/router/???
-
The four ip addresses are the mailservers of the spam filtering company.
The setup is as follows
internet <--> simple router with port 25 forwarded to sme <--> sme in gateway mode
Our simple router doesn't offer the facility so if sme offers the option I'd prefer to do it on that. If not possible I shall have to buy a new router. Thanks.
R
-
Fritzrik,
From console
config setprop smtpd AllowHosts abc.abc.abc.abc
signal-event email-update
Where abc.abc.abc.abc is the IP address you want to allow. You can add multiple IP's by comma seperating them.
To undo
config delprop smtpd AllowHosts
signal-event email-update
This will modify the firewall rules to only allow smtp connection from those IP addresses.
Alternatively you can deny smtp connections by
config setprop smtpd DenyHosts abc.abc.abc.abc
signal-event email-update
Jon
-
JonB, thanks for your reply. That looks like exactly what I'm looking for.
just to confirm, by adding the allowhosts (file, variable, array??) it will automatically deny all others??
Thanks again
Richard
-
Yes, it will only allow those hosts and deny all others.
Jon
-
Thanks Jon, that works a treat.
Could I also allow authenticated users to send email through the server no matter what ip address they're coming from?
-
have your remote users use smtps on port 465. This will not be blocked by the 'HostsAllow' setting on port 25, and will require authentication.
-
Thanks M.
-
fitzrik
On a similar subject, here's how to allow (force) authenticated connections only, and not allow unauthenticated connections.
http://wiki.contribs.org/Email#How_do_I_enable_smtp_authentication_for_users_on_the_internal_network.
See the two sections titled:
How do I enable smtp authentication for users on the internal network.
and
How do I disable SMTP relay for unauthenticated LAN clients