Blocking incoming SMTP connections - What am I doing wrong?



  • I'm trying to deny connection to port 25 from all but my spam filtering service.

    Config details:
    PFSense 2.0
    Virtual IP (public) established for the Email server along with a 1:1 NAT entry for the LAN IP.

    I have set up a NAT entry (with the automatic firewall rule) for SMTP with the source type of "Network" and the address 74.125.148.0/22, which is the network for the anti-spam service. Spammers are still able to talk to my email server and I can telnet into port 25 from hosts other than the above-mentioned subnet.

    What am I doing wrong?



  • First, if you have a 1:1 NAT rule, you don't need a port-forward. Delete it. The default linked rule allows from all IPs. Add a firewall rule. Use 74.125.148.0/22 as the source, and the private IP on the email server and port 25 as the destination.
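The rule set dotdash describes, written out as a pf.conf fragment so the difference between the auto-generated port-forward rule and the restricted rule is visible. This is an added illustration, not pfSense's generated ruleset and not from anyone in the thread; the WAN interface name and the 203.0.113.x / 192.168.x addresses are placeholders, and only 74.125.148.0/22 comes from the question.

```conf
# Added illustration of the answer above (not pfSense's own generated rules).
# Interface and host addresses below are assumed placeholders; the spam-filter
# network 74.125.148.0/22 is the one named in the question.
ext_if   = "em0"              # WAN interface (assumed)
mail_vip = "203.0.113.25"     # public Virtual IP for the mail server (placeholder)
mail_lan = "192.168.10.25"    # LAN address of the mail server (placeholder)
spam_net = "74.125.148.0/22"  # anti-spam service network, from the question

# 1:1 NAT: translate the public VIP to the LAN host in both directions.
# Translation happens before filtering, so the filter rule matches on the
# LAN address, which is why the answer says to use the private IP as destination.
binat on $ext_if from $mail_lan to any -> $mail_vip

# Default stance: nothing reaches the mail server unless explicitly passed.
block in on $ext_if

# WRONG (what the port-forward's "automatic firewall rule" amounts to):
# any source may reach port 25, so spammers connect directly.
# pass in quick on $ext_if proto tcp from any to $mail_lan port 25

# RIGHT: only the spam-filtering service's network may reach port 25.
pass in quick on $ext_if proto tcp from $spam_net to $mail_lan port 25
```

After applying the restricted rule, the check is the one the question already describes: a connection attempt to port 25 on the public VIP from a host outside 74.125.148.0/22 should time out or be refused, while the anti-spam service still delivers mail. In pfSense 2.0 the same thing is done in the GUI by leaving the 1:1 NAT entry in place, deleting the port-forward and its linked rule, and adding a WAN firewall rule with that source network and the mail server's LAN IP as destination.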



  • Thanks dotdash - this is exactly what was happening.

