DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Lock Incoming SMTP to specific IP range only
03 Feb 2012 15:51 #71078
by parallel
Lock Incoming SMTP to specific IP range only was created by parallel
Hi, I have a client that uses an external mail filtering service. Basically we point our MX record at them and they clean the email and forward it on to our EXT IP and onto our Exchange server. My problem is I need to lock down my router to only accept SMTP (on port 25) from 3 IP addresses and block SMTP traffic from all other IPs. Can anyone help please? My router is a DrayTek Vigor 2820.
Cheers
03 Feb 2012 16:39 #71080
by rj
Replied by rj on topic Re: Lock Incoming SMTP to specific IP range only
Hi,
Try the following practical example: http://www.draytek.com/user/SupportFAQDetail.php?ID=2084
Hope this helps,
regards,
rj
03 Feb 2012 16:44 #71081
by parallel
Replied by parallel on topic Re: Lock Incoming SMTP to specific IP range only
Cheers, I'll give that a go!
03 Feb 2012 17:20 #71083
by voodle
Replied by voodle on topic Re: Lock Incoming SMTP to specific IP range only
That method works for one IP well but if you want to manage a group of IPs to be allowed through the firewall, I got this from support on how to do it:
If you have multiple IP addresses that you want to allow through the
firewall, you will need to go to Objects Setting then IP Objects,
click an index / link on there and add the IP address details (single
IP / subnet IP / range IP). You will need to do this for each IP
address that you want to allow if they are in separate IP ranges.
You can then add them to an IP Group under Objects Setting then IP
Group, select an index/link on there and add the IP Objects to the
group.
To configure the filter rules, go to the Firewall menu then Filter
Setup and on there go to #2 Default Data Filter and select the first
un-used filter rule:
Filter Rule #1:
Comment: Block SMTP
Direction: WAN to LAN
Source IP: leave this set to Any
Destination IP: leave this set to Any
Service Type: click Edit, select TCP, leave Source Port as 1-65535,
set Destination Port to 25-25, or create a Service Type
Object called SMTP with the same settings.
Action: Block if No Further Match
Filter Rule #2:
Comment: Allow SMTP
Direction: WAN to LAN
Source IP: click Edit and either specify the address you want to
allow, or set the Address Type to Group and Objects and select the IP
Group you created, then click OK.
Destination IP: leave this set to Any
Service Type: same as the previous rule
Action: Pass Immediately
That should then limit access to port 25 TCP to those IP addresses
only.
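A simplified model of how the two filter rules in the post above combine, as an added example that is not part of the thread and not DrayTek's own code. The allowed addresses are constructed documentation-range values, and the evaluator with its default-pass behaviour for unmatched traffic is an assumption for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-ins (documentation ranges) for the filtering service's
# three addresses, which the thread does not list.
ALLOWED_GROUP = [ip_network(n) for n in
                 ("192.0.2.10/32", "198.51.100.0/29", "203.0.113.25/32")]

# The two rules in the order given in the post; src=None means "Any".
RULES = [
    {"comment": "Block SMTP", "src": None, "proto": "tcp",
     "dport": (25, 25), "action": "block_if_no_further_match"},
    {"comment": "Allow SMTP", "src": ALLOWED_GROUP, "proto": "tcp",
     "dport": (25, 25), "action": "pass_immediately"},
]

def matches(rule, src, proto, dport):
    """True when the packet fits the rule's protocol, port range and source."""
    lo, hi = rule["dport"]
    if proto != rule["proto"] or not lo <= dport <= hi:
        return False
    return rule["src"] is None or any(ip_address(src) in n for n in rule["src"])

def evaluate(rules, src, proto, dport, default="pass"):
    """Hypothetical evaluator: rules are walked top to bottom, an
    'immediately' action ends evaluation, and an 'if no further match'
    action is kept as a pending verdict that a later rule can override.
    `default` (assumed 'pass') applies to traffic that matches no rule."""
    verdict = default
    for rule in rules:
        if not matches(rule, src, proto, dport):
            continue
        kind, _, when = rule["action"].partition("_")
        if when == "immediately":
            return kind
        verdict = kind
    return verdict

def with_first_action(rules, action):
    """Copy of the rule set with rule #1's action swapped, for comparison."""
    return [dict(rules[0], action=action)] + rules[1:]

if __name__ == "__main__":
    # Constructed probes: (source IP, protocol, destination port)
    for probe in [("192.0.2.10", "tcp", 25), ("198.51.100.8", "tcp", 25),
                  ("203.0.113.99", "tcp", 443)]:
        print(probe, evaluate(RULES, *probe))
    # If rule #1 were Block Immediately, the allow rule would never be reached.
    strict = with_first_action(RULES, "block_immediately")
    print(evaluate(strict, "192.0.2.10", "tcp", 25))
```

In this model the pending block from rule #1 is what catches every source outside the group, while the later Pass Immediately rule overrides it for the listed addresses only.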