Locking down SMTP while permitting remote users (IMail, MX Logic)
Posted on 2009-02-23
We have recently subscribed to MX Logic to provide both incoming and outgoing mail defense, content filtering, etc. MX Logic recommends that access to the SMTP server be "locked down," and we agree that this is necessary as a tremendous amount of mail continues to be exchanged directly with our server (even though the MX TTL was 30 minutes and the MX change was made several days ago). They suggest that we restrict SMTP access to two ranges (126.96.36.199/21 and 188.8.131.52/22), either at the firewall or at the mail server. I don't believe that I can do this without at the same time blocking field users with aircards/dynamic IPs, home users, and users at field offices without VPNs who need to send mail. I need a solution that will allow us to exchange mail with MX Logic and authorized non-VPN users outside our offices without accepting any mail from random SMTP servers, if such is possible.
The email server is IMail Premium 10.02. We currently use SMTP AUTH with no SSL/TLS on Port 25 only. There are a number of SMTP access controls with IMail, but I'm not sure how to mix/match to suit. No solution is off the table, including client changes, if necessary. I really appreciate any suggestions.