Restrict Ip Access to Mail Server

[benjmauldin]

Hello. I'm in the process of trying to stop spam and need to restrict ip's to my mail server. I am currently using NG R55 and have made any changes to the ruleset in quite sometime. Could someone please point me in the direction in the gui of where I could restirct certain ips to talk to my internal mail server.

Thanks for any help.

[david]

the dashboard is used to setup your rules.
if you haven't had to create rules for a long time, i would use 'database revision control' from the file menu to create a backup of your current ruleset.

just in case.....

[benjmauldin]

Thanks!! I have used the Disaster Control and have a good backup. Now, could you direct me where and how to restrict the smtp external mail server to specfic ip/subnets. Do I have to create a network object?

[Joncon]

Easiest way is to:-

1. create a host object for your external mail provider / mail gateway. Populate object with required info, IP, Subnet etc.
2. create a host object for your internal mailserver. Populate object with required info, IP, Subnet etc.
3. Create a rule through Smartdashboard - Security tab - and enter the 2 objects you created above in source and destination columns. Service will need to be set to required value (e.g. smtp in your case). Action should be set to accept, and track set to log (unless you don't want to).

htp,

Joncon

[benjmauldin]

Thanks Joncon. I really appreciate the help. Do I also need to add anything to the Address Translation table?

Thanks again!

[Joncon]

Do you use NAT? If so what do your Address Translation rules say at the moment?

[benjmauldin]

Thanks for all your help. I created Network hosts with subnets and created a group. Then was able to create my rule.

I had not created a rule for sometime, but the gui came back to me quickly.

[Joncon]

Glad you know have this sorted.

Joncon