Block SMTP traffic on a Vigor 2820 router

Abbas Haidar
Hi,

I have a Vigor 2820 router. I am trying to block all the incoming traffic on port 25 from any IP address and enable it only from one IP address, to avoid receiving spam. I have created data rules but am still not able to block the traffic from Public. I was testing by blocking all the SMTP traffic, by setting a rule to block any traffic on port 25. I have enabled that rule but am still able to receive emails. Please find attached snapshots. Please advise.
SN01.png

Commented:
I think under the general firewall rules you may have to change the default setting of the firewall to "always block". I'll go and have a look at some of ours..  
Abbas Haidar, Senior Infrastructure Manager

Author

Commented:
When I selected block all, it blocked all the incoming traffic. And is it from WAN to LAN, or from LAN to WAN?
I appreciate your help, plug1.

Commented:
Once you've set it to block all, you then need to open the incoming ports you need; it's the most secure way to run the firewall. You block everything and then relax what you need. You need to do it from WAN to LAN, by the sounds of it, for what you are trying to achieve.

Commented:
If you had come back to me from the above we may have got you a solution...
Abbas Haidar, Senior Infrastructure Manager

Author

Commented:
OK, let's not delete then. When I set the filter to block, it blocked everything, and then I enabled specific incoming SMTP rules and it didn't work! Everything is blocked. Please find attached snapshots of my current configuration. Note that I am putting the enable SMTP traffic rule and the block one in the same set.
Draytek1.jpg
Draytek2.jpg
Draytek3.jpg
Draytek4.jpg
Abbas Haidar, Senior Infrastructure Manager

Author

Commented:
Please don't delete as an expert is helping me through to sort the problem out!
Thanks

Commented:
OK, your first rule, Block SMTP, will completely override any Allow SMTP rules after it, as the firewall parses the rules top to bottom; as soon as it sees the block rule, that's it, the packets are dropped. You would have to re-order the rules for the lower ones to work.
Abbas Haidar, Senior Infrastructure Manager

Author

Commented:
But when I set the filter to block as shown in the snapshot, all kinds of traffic are blocked, even HTTP!

Commented:
Incoming HTTP or outgoing?

Try putting in a first rule of allow all outgoing from LAN to WAN, from anywhere to anywhere.

Commented:
I've just noticed this is all set up in the "Default Call Filter"... It should be in the "Default Data Filter"; the call filter should be left at defaults.
Abbas Haidar, Senior Infrastructure Manager

Author

Commented:
But when I set the filter to block as shown in the snapshot, all kinds of traffic are blocked, even HTTP!

Commented:
What does your default data filter look like? Post a snapshot of that.
Abbas Haidar, Senior Infrastructure Manager

Author

Commented:
I have reset everything in the Default Data Filter as shown in the snapshot, and blocked the rule under Firewall >> General Setup, and all kinds of traffic were blocked!
Callfilter1.jpg
Default-Data-filter.jpg
Senior Infrastructure Manager
Commented:
I just sorted it out using the DrayTek technical team. When you want to block port 25 from receiving anonymous traffic, on the source port the range should be from 1 to 65535, on the destination it should be from port 25 to 25, and the profile should be set to "block if no further match" as shown in the attached snapshot. To allow traffic from a specific source, you should do the same and type in the source IP address (allowed IP) and then set the profile to "pass immediately".
draytek.jpg
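
Added example, not part of the thread and not DrayTek code: a simplified Python model of top-to-bottom filter evaluation, showing why a block rule that is final hides a later allow rule while "block if no further match" followed by "pass immediately" lets only the allowed sender reach port 25. The `Rule` class, `evaluate` function, the action strings, the sample addresses and the default of "pass" are assumptions made for illustration; the earlier Block SMTP rule is modelled as an immediate block to match the behaviour described in the thread.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = range(1, 65536)          # source ports 1 to 65535, as in the final post

@dataclass
class Rule:
    name: str
    src: str                        # source network in CIDR form; "0.0.0.0/0" = any
    dst_ports: range
    action: str                     # "<pass|block>_immediately" or "<pass|block>_if_no_further_match"
    src_ports: range = ANY_PORT

def evaluate(rules, src_ip, src_port, dst_port, default="pass"):
    """Walk the rules top to bottom and return "pass" or "block"."""
    verdict = default               # assumed general default when nothing matches
    for rule in rules:
        matches = (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
                   and src_port in rule.src_ports
                   and dst_port in rule.dst_ports)
        if not matches:
            continue
        kind, _, when = rule.action.partition("_")
        if when == "immediately":
            return kind             # final: later rules are never consulted
        verdict = kind              # tentative: a later matching rule can replace it
    return verdict

SMTP = range(25, 26)                # destination port 25 to 25
ALLOWED = "203.0.113.10/32"         # constructed sender address (documentation range)

# Ordering discussed mid-thread: a final block ahead of the allow rule.
BLOCK_FIRST = [
    Rule("Block SMTP", "0.0.0.0/0", SMTP, "block_immediately"),
    Rule("Allow SMTP", ALLOWED, SMTP, "pass_immediately"),
]
# Settings from the final post.
FIXED = [
    Rule("Block SMTP", "0.0.0.0/0", SMTP, "block_if_no_further_match"),
    Rule("Allow SMTP", ALLOWED, SMTP, "pass_immediately"),
]

if __name__ == "__main__":
    for label, rules in (("block first", BLOCK_FIRST), ("fixed", FIXED)):
        for src in ("203.0.113.10", "198.51.100.7"):   # constructed test senders
            print(label, src, "->", evaluate(rules, src, 40000, 25))
```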