Blocking incoming SMTP connections - What am I doing wrong?
-
I'm trying to deny connection to port 25 from all but my spam filtering service.
Config details:
pfSense 2.0
Virtual IP (public) established for the email server along with a 1:1 NAT entry for the LAN IP. I have set up a NAT entry (with the automatic firewall rule) for SMTP with the source type of "Network" and the address 74.125.148.0/22, which is the network for the anti-spam service. Spammers are still able to talk to my email server and I can telnet into port 25 from hosts other than the above-mentioned subnet.
What am I doing wrong?
-
First, if you have a 1-1 NAT rule, you don't need a port-forward. Delete it. The default linked rule allows from all IPs. Add a firewall rule. Use 74.125.148.0/22 as the source and the destination the private IP on the email server and port 25.
-
Thanks dotdash - this is exactly what was happening.
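
The rule change described in the answer above can be modelled as first-match rule evaluation. This is an added example, not part of the thread or pfSense's own code; the private IP 192.168.1.10, the public virtual IP 198.51.100.25 and the test sources are constructed values, and it assumes inbound NAT is applied before the WAN rules are checked.

```python
import ipaddress

# Constructed values: the thread does not give the server's addresses.
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")    # assumed private (LAN) IP
PUBLIC_VIP = ipaddress.ip_address("198.51.100.25")    # assumed public virtual IP
FILTER_NET = ipaddress.ip_network("74.125.148.0/22")  # anti-spam network from the thread
ANY = ipaddress.ip_network("0.0.0.0/0")

# Each rule: (action, source network, destination host, destination port).
BEFORE = [("pass", ANY, MAIL_SERVER, 25)]         # linked port-forward rule: any source
AFTER = [("pass", FILTER_NET, MAIL_SERVER, 25)]   # rule suggested in the answer
WRONG_DST = [("pass", FILTER_NET, PUBLIC_VIP, 25)]  # destination left as the public IP


def evaluate(rules, src, port=25, dst=MAIL_SERVER):
    """Return the action of the first matching rule, or 'block' (default deny).

    dst defaults to the private IP because, with 1:1 NAT, the packet has
    already been translated when the WAN rules are evaluated (assumption
    stated in the lead-in).
    """
    src = ipaddress.ip_address(src)
    for action, net, host, rule_port in rules:
        if src in net and dst == host and port == rule_port:
            return action
    return "block"


def audit(rules, sources):
    """Map each source address to the verdict it gets for SMTP to the server."""
    return {s: evaluate(rules, s) for s in sources}


# Constructed test sources covering both edges of the /22.
SOURCES = [
    "74.125.148.10",   # inside the anti-spam network
    "74.125.151.255",  # last address of 74.125.148.0/22
    "74.125.152.1",    # first address block past the /22
    "203.0.113.50",    # unrelated host (documentation range)
]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER), ("wrong-dst", WRONG_DST)):
        for src, verdict in audit(rules, SOURCES).items():
            print(f"{name:9} {src:15} -> {verdict}")
```

After the change, only sources inside 74.125.148.0 through 74.125.151.255 should reach port 25; the same telnet test from an outside host that succeeded in the question should now fail.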