This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

External Connection / Mail Server

Dear colleagues,

I have an internal e-mail server and in the last few days, I have received several login attempts in an attempt to send emails through IPS port 25 coming from other countries where we do not have employees. I would like to know how I could block connections from other countries only for login attempts/sending messages through our internal server.

This thread was automatically locked due to age.

Top Replies

Peter-Paul Gras over 1 year ago in reply to Bruno H Silva +1 suggested

Please read this: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/FirewallRules/FirewallRulesBlackHoleDNATRuleCreate/index.html You should…

Parents

0 rfcat_vk over 1 year ago

You could try using a country block filter at the top of your firewall rule list or just s port 25 block rule from those countries.

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rfcat_vk over 1 year ago

You could try using a country block filter at the top of your firewall rule list or just s port 25 block rule from those countries.

Ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Bruno H Silva over 1 year ago in reply to rfcat_vk

Hi,

I created the rule floowed your suggestion but when trying to send message using an external email by Gmail (Google) I do not receive a message. In this case, I chose to block the US. I don't know if the rule is correct.
Cancel
Vote Up 0 Vote Down

Cancel
0 Peter-Paul Gras over 1 year ago in reply to Bruno H Silva

Please read this: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/FirewallRules/FirewallRulesBlackHoleDNATRuleCreate/index.html

You should create a Blackhole DNAT rule to accomplish this. Make sure it's the 1st rule.

SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th 2023

Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports

[If any of my posts are helpful to you please use the 'Verify Answer' link]
Cancel
Vote Up +1 Vote Down

Cancel