• Status: Solved

Locking down SMTP while permitting remote users (IMail, MX Logic)

We have recently subscribed to MX Logic to provide both incoming and outgoing mail defense, content filtering, etc. MX Logic recommends that access to the SMTP server be "locked down," and we agree that this is necessary as a tremendous amount of mail continues to be exchanged directly with our server (even though the MX TTL was 30 minutes and the MX change was made several days ago). They suggest that we restrict SMTP access to two ranges (208.65.144.0/21 and 208.81.64.0/22), either at the firewall or at the mail server. I don't believe that I can do this without at the same time blocking field users with aircards/dynamic IPs, home users, and users at field offices without VPNs who need to send mail. I need a solution that will allow us to exchange mail with MX Logic and authorized non-VPN users outside our offices without accepting any mail from random SMTP servers, if such is possible.

The email server is IMail Premium 10.02. We currently use SMTP AUTH with no SSL/TLS on Port 25 only. There are a number of SMTP access controls with IMail, but I'm not sure how to mix/match to suit. No solution is off the table, including client changes, if necessary. I really appreciate any suggestions.
0
jaredfaulkner
1 Solution
 
Mestha Commented:
I know what I would do - if your firewall is capable of doing it.
Lock down the port 25 traffic as requested but at the firewall, not the server. Then open another port (2525 for example) with a port redirection to port 25 on the inside. Then configure the clients to use that alternative port for sending email instead.

Another option would be to use TLS on the TLS port, if the server supports that.
Basically anything other than port 25.

-M
0
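The policy this answer describes, modelled as an added example (not code from the thread): port 25 accepts only the two MX Logic ranges quoted in the question, port 2525 accepts any source, and a pre-lockdown port 25 connection log is sorted by what the new policy does to each session. The CSV layout, user names and non-MX Logic addresses are constructed, and the default-deny for other ports is an assumption.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Ranges quoted in the question as MX Logic's SMTP sources.
MXLOGIC_NETS = [ip_network("208.65.144.0/21"), ip_network("208.81.64.0/22")]
RELAY_PORT = 25      # filtering service only
CLIENT_PORT = 2525   # remote users; redirected to port 25 on the inside

def from_mxlogic(src):
    addr = ip_address(src)
    return any(addr in net for net in MXLOGIC_NETS)

def firewall_decision(src, dst_port):
    """Perimeter policy from the answer: 25 for the filter only, 2525 for clients."""
    if dst_port == RELAY_PORT:
        return "allow" if from_mxlogic(src) else "drop"
    if dst_port == CLIENT_PORT:
        return "allow"  # any source; the mail server must still require SMTP AUTH
    return "drop"       # assumption: default-deny for everything else

def audit_port25(log_text):
    """Sort pre-lockdown port 25 sessions by what the new policy does to them."""
    report = {"relay": set(), "migrate_to_2525": set(), "will_be_dropped": set()}
    for row in csv.DictReader(io.StringIO(log_text)):
        if int(row["dst_port"]) != RELAY_PORT:
            continue
        if from_mxlogic(row["src_ip"]):
            report["relay"].add(row["src_ip"])
        elif row["auth_user"]:
            # Authenticated user outside the ranges: reconfigure before cutover.
            report["migrate_to_2525"].add(row["auth_user"])
        else:
            report["will_be_dropped"].add(row["src_ip"])
    return report

# Constructed sample records (not IMail's log format); sources outside the
# MX Logic ranges are documentation addresses.
SAMPLE_LOG = """src_ip,dst_port,auth_user
208.65.145.10,25,
208.81.66.7,25,
198.51.100.23,25,fielduser1
203.0.113.50,25,
192.0.2.8,25,homeuser2
"""

if __name__ == "__main__":
    for bucket, members in audit_port25(SAMPLE_LOG).items():
        print(bucket, sorted(members))
```

Users listed under `migrate_to_2525` are the ones who lose the ability to send mail at cutover unless their clients are moved to the alternate port first.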
 
jaredfaulkner (Author) Commented:
Thanks for taking the time to answer. This seems like the way to go, and although changing the port for outside clients will be painful, the task seems manageable.
0
Question has a verified solution.
