LinuxQuestions.org - How to Accept SMTP Requests for Subnet Only

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - How to Accept SMTP Requests for Subnet Only (https://www.linuxquestions.org/questions/linux-security-4/how-to-accept-smtp-requests-for-subnet-only-566134/)

nytcrwlr70

07-02-2007 04:39 PM

How to Accept SMTP Requests for Subnet Only

Hello,

how do I allow ip addresses for subnet 192.165.x.x to access my server via SMTP but any other subnet outside of that group is rejected?

I tried the following syntax:

iptables -I INPUT 1 -s 192.165.0.0/16 -d 192.165.17.3 -p tcp --dport 25 --tcp-flags SYN,RST,ACK SYN -j ACCEPT

iptables -A INPUT -d 192.168.17.3 -j REJECT

Will this work?

coolb

07-05-2007 07:30 AM

what about hosts.allow and hosts.deny ?

TigerOC

07-06-2007 06:21 AM

This kind of restriction should be part of your MTA (Postfix certainly is able to define the network connection).

nytcrwlr70

07-06-2007 09:58 AM

This is true. However, I want Postfix to drop e-mail from the outside world and only allow connections from within out internal network. Perhaps I'll take this to a Postfix forum.

TigerOC

07-07-2007 01:21 AM

Quote:

Originally Posted by nytcrwlr70

This is true. However, I want Postfix to drop e-mail from the outside world and only allow connections from within out internal network. Perhaps I'll take this to a Postfix forum.

The easiest way to deal with this is not to forward port 25 on your external router interface. If the interface is closed then there is no connection to the outside world.

All times are GMT -5. The time now is 06:51 PM.