Results 1 to 10 of 19
  1. #1
    Untangle Ninja gotkimchi
    Join Date
    Jan 2007
    Location
    Bay Area
    Posts
    2,106

    How to create a firewall rule so that only my mail server is able to send out mail.

    Lately, we are getting more and more of these requests. People want to allow only their mail server to send out mail and block everyone else.

    If you want to log this, I recommend using the firewall rules.
    A few things to consider...

    1) By default, Untangle has the "no rack" policy for port 25 outbound. You will need to uncheck or delete this rule. I suggest unchecking it, just in case you want to reuse it.
    (no longer needed on version 7.3 & up.)

    2) You will need to change the quarantinable addresses under Config > Email > Quarantine. The default is *; change it to *@yourdomain.com or individually list all your users' email addresses.

    3) Now the firewall rules. The firewall rules work from top to bottom.
    Your top rule needs to be the pass rule. Should be something like this:


    Create the block rule like this:


    Please remember to put the pass rule on top of the block rule. Notice that I did not check the log box on the pass rule. That's up to you. On the block rule, the log box is checked because most people want to know.
    You can test whether the rules are working by telnetting out from the mail server and from other users on the network. The mail server should be able to telnet out on port 25, and everyone else should get blocked.
    to be understood, you must first understand. :)
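Added example (not code from the post or from Untangle): a small Python model of the three-step procedure above, so the ordering point can be checked without a test network. The rule fields mirror what the post configures in the Untangle firewall (source address, source interface, protocol, destination port, action, log), but the evaluator, the mail server address 192.168.1.25, the workstation address 192.168.1.77 and the sample traffic are all assumptions constructed here. The same two rules are evaluated in the correct order (pass on top) and in the wrong order (block on top), and a socket helper stands in for the telnet check at the end of the post.

```python
"""First-match firewall evaluation for "only the mail server may send on TCP/25".

Constructed illustration, not Untangle code. Addresses and packets are assumed.
"""
import socket
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MAIL_SERVER = "192.168.1.25"   # assumed address of the internal mail server


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_iface: str   # "internal" or "external"
    proto: str       # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "pass" or "block"
    log: bool
    proto: Optional[str] = None       # None means "any"
    dst_port: Optional[int] = None
    src_ip: Optional[str] = None
    src_iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        # Every condition that is set must match; unset conditions match anything.
        return all([
            self.proto is None or self.proto == p.proto,
            self.dst_port is None or self.dst_port == p.dst_port,
            self.src_ip is None or self.src_ip == p.src_ip,
            self.src_iface is None or self.src_iface == p.src_iface,
        ])


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, Optional[str]]:
    """Walk the list top to bottom; the first matching rule decides.

    Returns (action, name_of_rule_that_logged). No match: implicit pass, no log.
    """
    for r in rules:
        if r.matches(p):
            return r.action, (r.name if r.log else None)
    return "pass", None


# The two rules from the post: pass for the mail server (log unchecked),
# block for everything else on the internal interface (log checked).
PASS_MAIL = Rule("pass-mailserver-smtp", "pass", log=False,
                 proto="tcp", dst_port=25, src_ip=MAIL_SERVER)
BLOCK_SMTP = Rule("block-internal-smtp", "block", log=True,
                  proto="tcp", dst_port=25, src_iface="internal")

CORRECT_ORDER = [PASS_MAIL, BLOCK_SMTP]   # pass rule on top, as the post says
WRONG_ORDER = [BLOCK_SMTP, PASS_MAIL]     # block on top: the pass rule is never reached

# Constructed sample traffic (assumed addresses).
SAMPLE: Dict[str, Packet] = {
    "mailserver->25": Packet(MAIL_SERVER, "internal", "tcp", 25),
    "workstation->25": Packet("192.168.1.77", "internal", "tcp", 25),
    "workstation->443": Packet("192.168.1.77", "internal", "tcp", 443),
}


def run(rules: List[Rule]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Evaluate every sample packet against a rule list."""
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLE.items()}


def smtp_port_open(host: str, port: int = 25, timeout: float = 3.0) -> bool:
    """Equivalent of the telnet check: run from the mail server (expect True)
    and from a workstation (expect False once the block rule is in place)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for label, rules in (("correct order", CORRECT_ORDER), ("wrong order", WRONG_ORDER)):
        print(label, run(rules))
```

With the pass rule on top the mail server passes unlogged, the workstation is blocked and logged, and unrelated traffic falls through to the implicit pass; with the block rule on top the mail server is blocked as well, which is exactly the misconfiguration the post warns about. `smtp_port_open("mx.example.org")` from each host reproduces the telnet test (the hostname is a placeholder).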

  2. #2
    Untangler
    Join Date
    Apr 2009
    Posts
    88


    Great post, gotkimchi. These forums are a GREAT resource to us Untangle users and have amazing support from the Untangle developers and administrators. Thank you.

  3. #3
    Newbie
    Join Date
    Jun 2009
    Posts
    11


    Hi,
    I implemented the above and it works. I did not uncheck the NORACK rule for port 25 as I can't find it. Where is it located?
    Also, I assume step 2 is meant so that if a workstation does start sending spam, Untangle doesn't create a quarantine for it. Is that correct? It may be a bit of work for this, as my server accepts mail for 20 domain names and 1000 mailboxes. I guess it's easier to enter the domain names.

    Please advise.

    Thanks,

    Ron

  4. #4
    Untangle Ninja WebFooL
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,050


    Hi Ron,

    If your installation is from a 7.3 or 7.4 ISO, there is no "no rack" rule.
    If there is one it is located under the "Default rack"->"Show Policy Manager" on the main screen (next to the "Parent Rack: None").

  5. #5
    Untangle Ninja Mathiau
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,630


    SMTP port 25 traffic should only be TCP, shouldn't it? You don't need UDP...
    kv-2 | UT 11.0.1 | Dell R610 Server | Intel Xeon 2.8Ghz Quad Cores | 24Gb DDR3 ECC | 1 Intel QPort NIC | Integrated Broadcom QP | Dell Perc 4i | 6 x 73G 2.5 15k SAS raid 10 | 100mb/100mb | 30mb/30Mb

  6. #6
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,542


    Yeah, SMTP is a TCP protocol. Also, until Untangle gets rid of the outbound no-rack policy for SMTP, all you need is the firewall block rule: block, destination port 25, protocol TCP, source interface internal. Then edit the no-rack policy to have a client IP address of your internal SMTP server.

    The firewall simply isn't consulted for the outgoing traffic because the traffic never sees the rack... You could do the same with a bypass rule. You're generally not wanting to filter outgoing traffic anyway, so you may as well free your Untangle of the load of passing outbound SMTP through the UVM at all.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Master Untangler zay
    Join Date
    Aug 2008
    Posts
    103


    This may be a bit off topic, but it seems like emails with large attachments are blocked from coming in. I looked through the forums, but did not really find any sound solution.
    What does it profit you to gain the world and lose your soul?

  8. #8
    Master Untangler Big D
    Join Date
    Nov 2008
    Posts
    719


    UT has no attachment limit. In fact, the larger the attachment, the more likely it is that UT will not even try to verify the message as spam with SpamAssassin.

    Larger attachments take more time for the virus blocker to scan. I have sent 30-40 MB attachments through a UT router; it will perform this.

    You are more likely to run into a connection inactivity timeout issue on the receiving server, or, more likely, a "message exceeds the set size limits" type of error.

    Yes a little off topic.
    The beatings shall continue until morale improves!

  9. #9
    Untangle Ninja dwasserman
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,375


    The risk of hijacking a post here, without creating your own thread, is that it gets less reading, or fewer responses.
    The world is divided into 10 kinds of people, who know binary and those not

  10. #10
    Newbie
    Join Date
    Sep 2010
    Posts
    1


    Great post. I have 3 ADSL lines and I want to use one just for POP and SMTP. Could you help?
