  1. #1
    Newbie
    Join Date
    Mar 2010
    Posts
    7

    Filter by Server Hostname instead of IP

    Dear all: I want to prevent all machines from sending outbound mail (SMTP port 25) except through our SMTP server (smtp.myprovider.com).

    To do this, I need to enter the server IP, but since smtp.myprovider.com resolves to many different IPs (Round Robin DNS), I have to know ALL the IPs of the server, which is not always possible.

    Because of this, I would like to enter the server's hostname, but the policy manager doesn't allow that, giving this error: "Invalid address specified for Server Address: smtp.myprovider.com"

    Is there a way to create policies by server's hostname to help on this kind of situation?

    I'm using the "free" Untangle, since I don't need any of the extra packages.

    Regards, Ariel

  2. #2
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    2,989

    You don't want Policy Manager. Make a rule in the packet filter to block all outbound port 25 traffic, and make a rule just above it to allow your mail server's source IP to send on port 25.

    If you have the free version of Untangle you can't do anything useful with Policy Manager.
    m.


    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.

    It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler
    Join Date
    Dec 2008
    Location
    Dallas, TX
    Posts
    337

    Quote Originally Posted by arielgrin View Post
    Dear all: I want to prevent all machines from sending outbound mail (SMTP port 25) except through our SMTP server (smtp.myprovider.com)
    Is the SMTP server yours (on your LAN) or your ISP's? Where is the primary DNS server for your network - LAN or WAN?

    Location of both will determine how you attempt to solve this problem.

  4. #4
    Newbie
    Join Date
    Mar 2010
    Posts
    7

    mrunkel: I get your point, but we would be in the same situation, since the firewall rules also work by IP, not by hostname. In fact, Policy Manager is doing the job for me; I just need to know how to use, if possible, hostnames instead of IPs, since it is not efficient to create one rule for every single IP that my provider's SMTP server may have.

    itcinc: SMTP is not on my LAN, it's my provider's SMTP. I have a local DNS server for the LAN, which forwards DNS queries to my provider's DNS in case the hostname doesn't belong to my LAN.

  5. #5
    Untangler astrodanco's Avatar
    Join Date
    Mar 2010
    Location
    Nairobi
    Posts
    40

    Quote Originally Posted by mrunkel View Post
    If you have the free version of Untangle you can't do anything useful with Policy Manager.
    Whoa, please clarify this. What does "free version" mean exactly? Just no paid apps? Or are there physically different downloads?

    I thought Untangle was always a free download and that paid apps could always be purchased at any time and then be functional.

    If I download and install Untangle, then buy the $54.00/year Policy Manager app from the store, will I not then be able to define and use several additional racks/policies?

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    2,633

    Free version is just UT with no paid apps. There is no difference in ISO downloads.

  7. #7
    Master Untangler
    Join Date
    Dec 2008
    Location
    Dallas, TX
    Posts
    337

    Quote Originally Posted by arielgrin View Post
    itcinc: SMTP is not on my LAN, it's my provider's SMTP. I have a local DNS server for the LAN, which forwards DNS queries to my provider's DNS in case the hostname doesn't belong to my LAN.
    I would suggest that you add a single IP address for the external mail server to the local DNS server. I assume that your local DNS is the first in the resolution list with forwarders to the external DNS. By adding a known, specific address for the mail server you could then create firewall rules to allow outgoing port 25 traffic to that address and block all other outgoing port 25 traffic.
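
The thread's problem (IP-only rules versus a round-robin hostname) and the allow-above-block ordering suggested in it, as an added example that is not from any poster and is not Untangle's own code: it collects the addresses a hostname resolves to over several lookups and emits an ordered rule list. The generic `iptables` syntax, the `FORWARD` chain, the function names and the sample addresses (documentation ranges, constructed) are assumptions.

```python
import ipaddress
import socket

def resolve_ipv4(hostname, port=25):
    """One lookup; returns the IPv4 addresses in that single DNS answer."""
    infos = socket.getaddrinfo(hostname, port, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def collect_addresses(hostname, lookups=5, resolver=resolve_ipv4):
    """Union of several lookups, because round-robin DNS can rotate or
    shorten the answer. The result is a snapshot, not a guarantee."""
    seen = set()
    for _ in range(lookups):
        for addr in resolver(hostname):
            seen.add(ipaddress.IPv4Address(addr))  # raises on a malformed answer
    return [str(ip) for ip in sorted(seen)]

def smtp_egress_rules(allowed, chain="FORWARD"):
    """Allow rules first, block rule last: the first matching rule wins."""
    if not allowed:
        # Keep the existing rule set instead of replacing it with block-only.
        raise ValueError("no addresses resolved; not emitting rules")
    rules = [f"iptables -A {chain} -p tcp --dport 25 -d {ip} -j ACCEPT"
             for ip in allowed]
    rules.append(f"iptables -A {chain} -p tcp --dport 25 -j REJECT")
    return rules

def drift(previous, current):
    """(added, removed) addresses since the rules were last generated."""
    prev, cur = set(previous), set(current)
    return sorted(cur - prev), sorted(prev - cur)

if __name__ == "__main__":
    # Constructed answers simulating round robin (documentation address ranges).
    answers = iter([{"192.0.2.10", "192.0.2.11"},
                    {"192.0.2.11", "198.51.100.5"},
                    {"192.0.2.10"}])
    addrs = collect_addresses("smtp.myprovider.com", lookups=3,
                              resolver=lambda host: next(answers))
    print("\n".join(smtp_egress_rules(addrs)))
    print("drift vs. last run:", drift(["192.0.2.10"], addrs))
```

A provider can add an address between runs, so mail to the new address is rejected until the rules are regenerated; the drift output shows when that has happened.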
