Re: [exim] iptables

Sun, 25 Oct 2009 04:51:30 -0700 

No. We built a smarthost that accepts IP Addresses only from DynDNS. The
goal is to block any other IP Address with the exception of DynDNS. Go to
the URL links, below:
http://www.jimmy.co.at/exim.html
https://www.dyndns.com/support/kb/mailhop_filtering.html
http://linux.die.net/man/8/iptables





On Sun, 25 Oct 2009 11:14:36 +0000, Alain Williams <[email protected]>
wrote:
> On Sun, Oct 25, 2009 at 03:31:14AM -0700, Harold Huggins wrote:
>> 
>> Where within the EXIM directory, and sample script, should I install
>> iptable (replace 1.2.3.4 with IP to allow) rules to block ports 25.
>> 
>> Sample of iptables rules:
>> 
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp --dport 2525 -j REJECT
>> 
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp --dport 2525 -j REJECT
>> 
>> 
>> And, is this the best policy to block port 25?
> 
> ??? Why are you blocking port 25 at all?
> You don't want to do the above unless your machine (presumably internal)
> can only receive email from IP 1.2.3.4.
> 
> You presumably want to be able to receive email from anywhere, so you
> need to have something like:
> 
>       iptables -A INPUT -p TCP --dport smtp   -j ACCEPT
>       iptables -A INPUT -p TCP --dport smtps  -j ACCEPT
> 
> ie accept incoming email from anywhere.
> 
> If you accept authenticated email (eg from peripatetic workers) you may
> want:
> 
>       iptables -A INPUT -p TCP --dport submission -j ACCEPT
> 
> You should be able to use the names for the port numbers (look in
> /etc/services)
> if not use the numbers: 25, 465 & 587.

-- 
Regards,
Manager, Harold Huggins
DSL Computer
13337 East South St., 416
Cerritos, Ca 90703
Phone: 973-854-4645 x 107
Fax: 973-854-4645
Email: [email protected]
http://dslcomputer.com
http://twitter.com/dslcomputer

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to