Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 2792 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

bind exim to only one interface alias?

hagman_01
My external interface has several alias IPs (for several internal servers).
It seems that the Email Protection automatically binds to all these IPs. How can I make sure that it replies only to one of them? The obvious method (Network Protection - Firewall - new rule "Any-SMTP-Interface reject") did not work (I guess that's one of those thiungs to prevent admins from locking themselves out). Another attempt (DNATting SMTP on one alias-interface to nirwana) worked too well - it blocks all interfaces.


This thread was automatically locked due to age.
Parents
  • 0
    Hi, Lutz, and welcome to the User BB!

    You're not allowing external users to connect to the UTM's SMTP Proxy are you?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Hi, Lutz, and welcome to the User BB!

    You're not allowing external users to connect to the UTM's SMTP Proxy are you?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    You're not allowing external users to connect to the UTM's SMTP Proxy are you?

    Hi Bob,

    no, I am not hosting an open relay, if that's what you wanted to know. The SMTP proxy is acting as our mail gateway to filter out spam and other unwanted stuff. Only mails for defined domains are accepted. But we allow authentication to get rights for relaying. This is needed because some clients connect via IMAP and SMTP from external IPs.

    The only bad thing is, that the bad guys can try to guess passwords because they are allowed to authenticate against the smtp proxy. So it is only a matter of time til a weak password may be discovered. I wanted to block the known bad IPs completely so they cannot even try to authenticate.

    Thanks to vilic for showing me a solution for this.

    Lutz
Unfiltered HTML