Locking down SMTP while permitting remote users (IMail, MX Logic)

Posted on 2009-02-23
Last Modified: 2012-06-27
We have recently subscribed to MX Logic to provide both incoming and outgoing mail defense, content filtering, etc. MX Logic recommends that access to the SMTP server be "locked down," and we agree that this is necessary as a tremendous amount of mail continues to be exchanged directly with our server (even though the MX TTL was 30 minutes and the MX change was made several days ago). They suggest that we restrict SMTP access to two ranges ( and, either at the firewall or at the mail server. I don't believe that I can do this without at the same time blocking field users with aircards/dynamic IPs, home users, and users at field offices without VPNs who need to send mail. I need a solution that will allow us to exchange mail with MX Logic and authorized non-VPN users outside our offices without accepting any mail from random SMTP servers, if such is possible.

The email server is IMail Premium 10.02. We currently use SMTP AUTH with no SSL/TLS on Port 25 only. There are a number of SMTP access controls with IMail, but I'm not sure how to mix/match to suit. No solution is off the table, including client changes, if necessary. I really appreciate any suggestions.
Question by: jaredfaulkner

    Accepted Solution

    I know what I would do - if your firewall is capable of doing it.
    Lock down the port 25 traffic as requested but at the firewall, not the server. Then open another port (2525 for example) with a port redirection to port 25 on the inside. Then configure the clients to use that alternative port for sending email instead.

    Another option would be to use TLS on the TLS port, if the server supports that.
    Basically anything other than port 25.
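
The firewall layout suggested in the answer above, sketched as an added example that is not part of the original answer: it assumes the border firewall is a Linux gateway running nftables, which the thread does not state. The interface name, the inside address and both source ranges are placeholders (the filtering provider's real ranges are not given on this page). Because redirected connections reach the server on port 25 like any other, SMTP AUTH must stay required for relaying.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. Every address here is a placeholder.

define wan_if = "eth0"    # assumed outside interface
# Placeholders (documentation ranges) for the two provider ranges.
define filter_ranges = { 192.0.2.0/24, 198.51.100.0/24 }

table ip mailgw {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Port 25 is forwarded only for the filtering provider.
        # 10.0.0.25 is a placeholder for the mail server's inside address.
        iifname $wan_if ip saddr $filter_ranges tcp dport 25 dnat to 10.0.0.25:25

        # Remote users connect to 2525, redirected to port 25 inside.
        iifname $wan_if tcp dport 2525 dnat to 10.0.0.25:25
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        ct state established,related accept

        # DNAT has already run at this hook, so both flows now show
        # destination port 25 and cannot be told apart by dport alone.
        iifname $wan_if ip saddr $filter_ranges ip daddr 10.0.0.25 tcp dport 25 accept

        # Conntrack keeps the pre-NAT port, which identifies the
        # connections that originally arrived on 2525.
        iifname $wan_if ip daddr 10.0.0.25 tcp dport 25 ct original proto-dst 2525 accept

        # Backstop: any other outside connection to the server's port 25
        # is logged and dropped.
        iifname $wan_if ip daddr 10.0.0.25 tcp dport 25 log prefix "smtp25-denied " drop
    }
}
```

The logged drops show which senders are still delivering directly to the server instead of through the filtering service.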


    Author Closing Comment

    Thanks for taking the time to answer. This seems like the way to go, and although changing the port for outside clients will be painful, the task seems manageable.
