Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: levien on February 04, 2010, 01:52:06 PM

Title: How to allow SMTP access only from a specified range?
Post by: levien on February 04, 2010, 01:52:06 PM
I'd like to disallow external access to port 25 from all hosts except those in a specific range. Because we use a batched SMTP service from our provider, all incoming email is sent through the provider's mail servers. I've recently noticed a lot of probing on our port 25 (which seems to be originating from botnets or hacked machines), so I only want to allow the provider's servers and drop all traffic to port 25 from other IPs.

What would be the easiest way to do this on SME 7.4?

I considered trying something like:
db configuration setprop smtpd AllowHosts 194.109.127.0/24,194.109.24.0/24
signal-event remoteaccess-update

But I suspect this wouldn't work as SMTP access is allowed by default anyway?
So is there a configuration setting for qpsmtpd that will do this, or should I try constructing a custom template fragment for the firewall (/etc/e-smith/templates-custom/etc/rc.d/init.d/masq) instead? And if so, for which table?

Thanks!
Levien

Title: Re: How to allow SMTP access only from a specified range?
Post by: mmccarn on February 04, 2010, 02:08:01 PM
The table at this wiki link (http://wiki.contribs.org/DB_Variables_Configuration#Additional_information_on_customizing_iptables) gives some more detail on exactly what 'AllowHosts' does.

Basically, the default 'AllowHosts' value of '0.0.0.0/0' is overwritten by your specified value(s) - so once you specify a value, all non-matching sources are subjected to the default 'DENY' rule.

The command you've shown should do exactly what you want, but of course, test to make sure!
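
The matching described in the reply above, as an added example that is not part of the original thread or SME Server's own code: a shell check of which source addresses a given AllowHosts value admits, using the ranges from the question. The function names are hypothetical, and the script only evaluates the list; it does not read the configuration database or iptables.

```shell
# Added example: models the AllowHosts matching described above.
# Function bodies are subshells ( ... ), so IFS changes and exit stay local.

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() (
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Status 0 if address $2 is inside block $1 (a bare address means /32),
# 1 if it is outside, 2 if either argument is malformed.
cidr_contains() (
    case "$1" in
        */*) net=${1%/*}; bits=${1#*/} ;;
        *)   net=$1; bits=32 ;;
    esac
    case "$bits" in ''|*[!0-9]*|0?*|???*) exit 2 ;; esac
    [ "$bits" -le 32 ] || exit 2
    n=$(ip_to_int "$net") || exit 2
    a=$(ip_to_int "$2") || exit 2
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( n & mask )) -eq $(( a & mask )) ]
)

# Status 0 if source $2 matches an entry of the comma-separated list $1,
# 1 if it matches none (that traffic meets the default deny rule),
# 2 if the list or the address is malformed.
allowhosts_permits() (
    list=$1 src=$2
    case "$list" in ''|*[!0-9./,]*) exit 2 ;; esac
    IFS=,
    matched=1
    for entry in $list; do
        if cidr_contains "$entry" "$src"; then matched=0
        else [ $? -eq 1 ] || exit 2
        fi
    done
    exit $matched
)
```

For example, `allowhosts_permits '194.109.127.0/24,194.109.24.0/24' 203.0.113.5` returns status 1, while the same address checked against the default `0.0.0.0/0` returns 0.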