On Sun, Oct 25, 2009 at 03:31:14AM -0700, Harold Huggins wrote:
>
> Where within the EXIM directory, and sample script, should I install
> iptable (replace 1.2.3.4 with IP to allow) rules to block ports 25.
>
> Sample of iptables rules:
>
> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
> iptables -I INPUT -p tcp --dport 2525 -j REJECT
>
> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
> iptables -I INPUT -p tcp --dport 2525 -j REJECT
>
>
> And, is this the best policy to block port 25?
??? Why are you blocking port 25 at all?
You don't want to do the above unless your machine (presumably internal)
can only receive email from IP 1.2.3.4.
You presumably want to be able to receive email from anywhere, so you
need to have something like:
iptables -A INPUT -p TCP --dport smtp -j ACCEPT
iptables -A INPUT -p TCP --dport smtps -j ACCEPT
ie accept incoming email from anywhere.
If you accept authenticated email (eg from peripatetic workers) you may want:
iptables -A INPUT -p TCP --dport submission -j ACCEPT
You should be able to use the names for the port numbers (look in /etc/services)
if not use the numbers: 25, 465 & 587.
--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256
http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information:
http://www.phcomp.co.uk/contact.php
Past chairman of UKUUG:
http://www.ukuug.org/
#include <std_disclaimer.h>
