Dumb SMTP block outbound question

plandry64

I think it must be Monday, and not Thursday…..
I'm trying to write a firewall rule that will block all smtp (port 25) traffic going out the WAN port, EXCEPT from on smtprelay server that I have set up on my LAN.

Do I create the rule on the WAN port or the LAN port?
Blood sugar must be low because this should be a "no brainer" but the brain just isn't working today.

Will anyone take pity and suggest the correct rule configuration?

TIA - Paul
PS, Is it Friday yet?

viragomann

Add a block rule to LAN.
Protocol: TCP (or any)
Source: check "invert match." and select "Singel host or alias" and enter the smtp-relay address.
Destination port range: SMTP

Put the rule above any which could allow this traffic.

plandry64

Sweet! Thanks so much!

johnpoz

another method is to create rule that allows your IP you want out 25, then rule just below that blocks all to 25.