Blocking all SMTP requests, except from my smarthost!

Hi

Situation is as follows:

  • I use the UTM SMTP Proxy functionality in order to use the spamfilter, and attach DKIM-information on ongoing mails!
  • Due to a public address within a DHCP scope, and the fact I can't get my ISP to make a PTR record, I have to use a smarthost (upstream & downstream) I've created in Azure with postfix.
  • The checkmark "Allow upstream/relay hosts only" is checked, but the SMTP server is still answering on requests - I will get the 550 Access denied (not in relay or upstream list).

What I need:

  • The possibility to create a firewall rule, that will block all incoming SMTP connections.
  • and then a firewall rule, that will allow delivery of mail from my smarthost!

How to do? Can't seem to get it working...

Best regards

Flemming



  • "The checkmark "Allow upstream/relay hosts only" is checked, but the SMTP server is still answering on requests - I will get the 550 Access denied (not in relay or upstream list)." I don't understand - can you say that a different way?

    "The possibility to create a firewall rule, that will block all incoming SMTP connections and then a firewall rule, that will allow delivery of mail from my smarthost!" To manage this with any proxy in the UTM, make a NAT rule like 'NoNAT : SmartHost -> SMTP -> External (Address)' and another NAT rule following it like 'DNAT : Internet -> SMTP -> External (Address) : to {unreachable IP}'. To understand better why this is the only solution, see #2 in www.astaro.org/.../49065-rulz.html.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
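
A check for the result of the two NAT rules described in the reply above, as an added example that is not part of the original thread: run it once from the smarthost and once from any other Internet host against the UTM's External address. The function names and the expected-outcome mapping in `rule_pair_ok` are assumptions made for this example.

```python
import socket
import sys


def probe_smtp(host, port=25, timeout=5.0):
    """Classify how host:port responds to a TCP connect.

    Returns (state, banner) where state is one of:
      "answering" - handshake completed and data (normally a 220 greeting) was read
      "silent"    - handshake completed but no data arrived before the timeout
      "refused"   - connection actively refused
      "filtered"  - no usable reply (timeout or unreachable), as expected when
                    the traffic is DNATed to an unreachable IP
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except OSError:  # includes timeouts and host/network unreachable
        return ("filtered", "")
    with sock:
        try:
            data = sock.recv(512)
        except OSError:  # timeout or reset while waiting for the greeting
            return ("silent", "")
    banner = data.decode("ascii", "replace").strip()
    return ("answering", banner) if banner else ("silent", "")


def rule_pair_ok(from_smarthost, state):
    """Assumed expected outcome of the NoNAT + DNAT pair from the reply:
    the smarthost still reaches the SMTP proxy, everyone else gets no answer."""
    if from_smarthost:
        return state == "answering"
    return state in ("filtered", "refused")


if __name__ == "__main__":
    # Usage: probe.py <UTM external address> <smarthost|other>
    target, vantage = sys.argv[1], sys.argv[2]
    state, banner = probe_smtp(target)
    ok = rule_pair_ok(vantage == "smarthost", state)
    print(f"{target}:25 -> {state} {banner!r} -> {'OK' if ok else 'UNEXPECTED'}")
    sys.exit(0 if ok else 1)
```

An "answering" result from a host other than the smarthost means the proxy is still reachable from the Internet and the DNAT rule is not matching.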