block access to port 25

[mbrando]

Hello,

How do I block access to port 25 for all IP addresses and allop only my hosted mail filter access to port 25 for mail delivery?

I tried to add this to the deny rules:

tcp|in|d=25|s=all

then added the the mail filters IP range to the allow rules. I tried to test using mxtoolbox but they are able to connect and get a 220 and 250 session transcript. I was under the impression that this would deny access to the port.

The I tried:

tcp|in|d=25|s=0.0.0.0

thinking that maybe 'all' should be the '0.0.0.0' IP. Still does not work.

I'm getting spammers direct connecting to our server for mail delivery and want to force mail to go through the hosted mail filter.

- Mike

[jcats]

Is port 25 open in "TCP_IN" ?

[mbrando]

Hello,

Yes.

- Mike

[jcats]

Remove it, that is allowing it to remain open taking precedence over your other rule.

Once removed restarted CSF

csf -r

[mbrando]

Hello,

Oh okay, I could not find any real docs on this filtering.

So to be clear, if I want to use advanced filtering like

tcp|in|d=25|s=all or tcp|in|d=25|s=0.0.0.0

I need to make sure that those ports are NOT configured in the TCP_IN or TCP_OUT.

Also which is more correct for all networks?

tcp|in|d=25|s=all or tcp|in|d=25|s=0.0.0.0

Thanks! :-)

- MIke

[mbrando]

It looks like either works correctly.

tcp|in|d=25|s=all or tcp|in|d=25|s=0.0.0.0

Thanks for clarifying.

- Mike

[jcats]

Glad you got it