Re: [exim] iptables

Author: Harold Huggins
Date:  
To: Alain Williams
CC: exim-users
Subject: Re: [exim] iptables
No. We built a smarthost that accepts IP Addresses only from DynDNS. The
goal is to block any other IP Address with the exception of DynDNS. Go to
the URL links, below:
http://www.jimmy.co.at/exim.html
https://www.dyndns.com/support/kb/mailhop_filtering.html
http://linux.die.net/man/8/iptables

On Sun, 25 Oct 2009 11:14:36 +0000, Alain Williams <addw@???>
wrote:
> On Sun, Oct 25, 2009 at 03:31:14AM -0700, Harold Huggins wrote:
>>
>> Where within the EXIM directory, and sample script, should I install
>> iptables (replace 1.2.3.4 with IP to allow) rules to block port 25?
>>
>> Sample of iptables rules:
>>
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp --dport 2525 -j REJECT
>>
>>
>> And, is this the best policy to block port 25?
>
> ??? Why are you blocking port 25 at all?
> You don't want to do the above unless your machine (presumably internal)
> can only receive email from IP 1.2.3.4.
>
> You presumably want to be able to receive email from anywhere, so you
> need to have something like:
>
>     iptables -A INPUT -p TCP --dport smtp    -j ACCEPT
>     iptables -A INPUT -p TCP --dport smtps    -j ACCEPT
>
> ie accept incoming email from anywhere.
>
> If you accept authenticated email (eg from peripatetic workers) you may
> want:
>
>     iptables -A INPUT -p TCP --dport submission -j ACCEPT
>
> You should be able to use the names for the port numbers (look in
> /etc/services)
> if not use the numbers: 25, 465 & 587.


--
Regards,
Manager, Harold Huggins
DSL Computer
13337 East South St., 416
Cerritos, Ca 90703
Phone: 973-854-4645 x 107
Fax: 973-854-4645
Email: admin@???
http://dslcomputer.com
http://twitter.com/dslcomputer
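
The allow-only-the-relay policy discussed in this thread, written as an added example that is not from the original messages or from Exim: the script prints, without applying, iptables rules that accept SMTP from listed sources and reject every other source. The chain name SMTP-IN and the addresses (RFC 5737 documentation ranges) are assumptions; substitute the relay addresses your provider publishes.

```shell
#!/bin/sh
# Added example: print (do not apply) an iptables ruleset that lets only the
# listed sources reach SMTP on this host.
# The addresses are constructed placeholders from the RFC 5737 documentation
# ranges, not a real provider's relay addresses.

ALLOWED_SOURCES="192.0.2.10 198.51.100.0/24"   # assumption: your relay's IPs
SMTP_PORT=25
CHAIN=SMTP-IN                                  # hypothetical chain name

# Accept only dotted-quad IPv4 with an optional /prefix, so that nothing else
# can end up inside a generated rule.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Emit the rules in evaluation order. iptables stops at the first match, and
# "-I INPUT" without a rule number inserts at the top of the chain, so a run of
# "-I" commands ends up in reverse order. Appending (-A) to a dedicated chain
# keeps every ACCEPT above the final REJECT.
smtp_allowlist_rules() {
    port=$1
    shift
    echo "iptables -N $CHAIN"
    for src in "$@"; do
        if valid_source "$src"; then
            echo "iptables -A $CHAIN -s $src -j ACCEPT"
        else
            echo "skipping invalid source: $src" >&2
        fi
    done
    echo "iptables -A $CHAIN -j REJECT"
    # A single jump at the top of INPUT sends all SMTP traffic through the chain.
    echo "iptables -I INPUT -p tcp --dport $port -j $CHAIN"
}

smtp_allowlist_rules "$SMTP_PORT" $ALLOWED_SOURCES
```

Review the printed rules, then pipe them to a root shell to apply them; `iptables -N` fails if the chain already exists, so flush and delete it first when re-running.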