Solved

Limit to Postini IP Range in Plesk

Posted on 2009-05-18
2
1,086 Views
Last Modified: 2013-12-16
I'm trying to limit incoming mail to only the IP range Postini provided me.  How can I make this work in Plesk's control panel where it doesn't seem to accommodate ranges?  Thx!

IP Range
74.125.148.0 - 74.125.151.255

CIDR Range
74.125.148.0/22

IP/Subnet Mask Pair
74.125.148.0
mask 255.255.252.0
0
Comment
Question by:sixth_street
2 Comments
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 24418265
If you have ssh access to the server, login as root and type:

iptables -A INPUT -s 74.125.148.0/22 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j DROP

Any changes to the firewall module in the control panel or rebooting the server will drop these rules and will need to be re-entered.  If you let me know the version of linux you are using I can tell you how to save these indefinately.  Alternatively you can attempt to translate these in the firewall module, but I think this is your issue.
0
 
LVL 4

Accepted Solution

by:
Adraenyse earned 500 total points
ID: 24446351
WizRd-Linux's instructions are correct, but Plesk takes full control over many functions including iptables when you are using the Firewall module. Therefore, any time you enter the module within Plesk and make a change, Plesk flushes and rewrites the entire iptables rules. It was because of this that I stopped using the Plesk module myself and now edit iptables configuration by hand, since it reset the counters everytime I made an edit.

However, Plesk's Firewall module does take CIDR input.

- Login to Plesk and go to SYSTEM -> MODULES -> FIREWALL
- Choose Add Custom Rule
- Enter in a rule name
- Choose what direction to match, in this case, incoming
- Choose ALLOW
- Enter in port 25
- Leave as TCP
- Press ADD
- Enter in 74.125.148.0/22 in the five boxes, the fifth box being the 22 (no slash)
- Press ADD
- Press OK

That rule will accept Postini's block. Then, to block the rest of the email:

- Choose Add Custom Rule
- Enter in a rule name
- Choose incoming
- Choose DENY
- Enter in port 25 and press ADD
- Leave the network space blank
- Press OK

It is important that you have the rules in this order, otherwise all email will be denied. Ensure that the ALLOW is above the DENY in the display list when you are done, then commit the changes.

Reference guide: http://download1.parallels.com/Plesk/Plesk7.5/Doc/plesk-7.5r-firewall-guide.pdf
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question