Dumb SMTP block outbound question

plandry64 · Aug 4, 2016, 8:38 PM

I think it must be Monday, and not Thursday…..
I'm trying to write a firewall rule that will block all smtp (port 25) traffic going out the WAN port, EXCEPT from on smtprelay server that I have set up on my LAN.

Do I create the rule on the WAN port or the LAN port?
Blood sugar must be low because this should be a "no brainer" but the brain just isn't working today.

Will anyone take pity and suggest the correct rule configuration?

TIA - Paul
PS, Is it Friday yet?

viragomann · Aug 4, 2016, 9:46 PM

Add a block rule to LAN.
Protocol: TCP (or any)
Source: check "invert match." and select "Singel host or alias" and enter the smtp-relay address.
Destination port range: SMTP

Put the rule above any which could allow this traffic.

plandry64 · Aug 4, 2016, 11:53 PM

Sweet! Thanks so much!

johnpoz · Aug 5, 2016, 10:28 AM

another method is to create rule that allows your IP you want out 25, then rule just below that blocks all to 25.