DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Draytek 2820 - Only allow single subnet inbound SMTP access

09 Nov 2009 19:54 #58739 by gavm99
Hi all,

I have a Draytek 2820 and I want to allow only the SMTP server of my spam filtering provider inbound access to my server.

I have set up SMTP in Open Ports and I have created several filter rules. The rules deny all SMTP traffic and then the other rule allows just the IP address of my spam filtering providers.

However, even with this setup, my SMTP still shows as visible when using GRC Shields Up.

Any ideas what I have done wrong?

Thanks.

09 Nov 2009 23:14 #58744 by macavity
Replied by macavity on topic Blocking SMTP
In order of likelihood:

1. Are the rules in the default data filter (set 2)? If not, make sure that set 2 is configured to pass to the set you're using by configuring "Next Filter Set".

2. For inbound SMTP connections, make sure that the source and destination ports are "TCP, Port: from any to 25".

A common mistake is to put 'from 25 to 25' but the connection doesn't actually come from 25.

3. Is the direction for the filter rules set to WAN-LAN?

4. Are the filter rules enabled? (Ok, you've checked this but it's worth mentioning :) )

5. Is the Data Filter enabled in "Firewall"-"General Setup" (it is by default) and set to set #2?

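Points 2 to 4 of the checklist above, as an added example that is not part of the original post: a simplified first-match packet filter (a model, not DrayTek's filter engine) showing why rules written "from 25 to 25", set to the wrong direction, or left disabled never match an inbound SMTP connection, so the forwarded port stays reachable. The addresses, the ephemeral source port and the default-pass behaviour for unmatched traffic are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = range(1, 65536)
SMTP = range(25, 26)
# Constructed values (documentation address ranges), not from the thread.
PROVIDER_NET, PROVIDER_IP = "192.0.2.0/24", "192.0.2.10"
SCANNER_IP, EPHEMERAL = "198.51.100.7", 49152

@dataclass
class Rule:
    name: str
    direction: str        # "WAN->LAN" or "LAN->WAN"
    src_net: str          # source addresses in CIDR form
    src_ports: range
    dst_ports: range
    action: str           # "pass" or "block"
    enabled: bool = True

    def matches(self, direction, src_ip, src_port, dst_port):
        return (self.enabled and self.direction == direction
                and ip_address(src_ip) in ip_network(self.src_net)
                and src_port in self.src_ports and dst_port in self.dst_ports)

def evaluate(rules, direction, src_ip, src_port, dst_port, default="pass"):
    """Simplified model: first matching rule decides; otherwise the default applies."""
    for rule in rules:
        if rule.matches(direction, src_ip, src_port, dst_port):
            return rule.action
    return default  # assumption: unmatched traffic to the open port is passed

def ruleset(src_ports, direction="WAN->LAN", enabled=True):
    """Allow the provider, block everyone else, with the fields under test varied."""
    return [
        Rule("allow-provider", direction, PROVIDER_NET, src_ports, SMTP, "pass", enabled),
        Rule("block-smtp", direction, "0.0.0.0/0", src_ports, SMTP, "block", enabled),
    ]

def scan_result(rules):
    """Verdicts for (provider, outside scanner) connecting inbound to TCP 25."""
    return tuple(evaluate(rules, "WAN->LAN", ip, EPHEMERAL, 25)
                 for ip in (PROVIDER_IP, SCANNER_IP))

if __name__ == "__main__":
    print("from any to 25:", scan_result(ruleset(ANY_PORT)))
    print("from 25 to 25: ", scan_result(ruleset(SMTP)))
    print("LAN->WAN rules:", scan_result(ruleset(ANY_PORT, direction="LAN->WAN")))
    print("rules disabled:", scan_result(ruleset(ANY_PORT, enabled=False)))
```

Only the first ruleset blocks the outside scanner; in the other three no rule matches, so the connection falls through to the default.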

10 Nov 2009 12:15 #58749 by njh
Surely port 25 will show up as open to the outside world, but it will only pass traffic from your spam filtering provider?

2900Gi/v2.5.6; 2900/v2.5.6

10 Nov 2009 14:11 #58753 by macavity
If there are firewall rules blocking traffic then a scan from any address that's not passed would show as stealthed or closed (depending on how the scanning tool refers to no response).
