Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Configure SMTP for restricted subnets *and* auth
  •  
cgreentx

Messages: 1
Karma: 0
Send a private message to this user
I need to restrict un-authenticated email to only come from my SPAM filtering service, but also allow authenticated users to relay. I have done this in Postini easily, but I have been unable to do this in Kerio. When I set the SMTP service to only allows from certain hosts it blocks all communication, authenticated or not. I would like to avoid doing it at the firewall and making my users use an alternate port.

Thanks!
Chris Green
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
I ran into a similar situation. I needed to block all incoming SMTP that doesn't come from our gateway, but still allow authenticated users to send.

It's not ideal, but I used the blacklist. I added 2 ranges to the custom blacklist - 1.1.1.1 to 192.167.255.255, and 192.168.2.0 to 255.255.255.255. My network and SMTP gateway fall within the 192.168.1.0/24 subnet, so this blocks all direct connects from the outside except for authenticated users, but still allows me to use relay exceptions for machines within the network. Since my MX doesn't point directly to my mail server, nothing except authenticated users should be connecting directly anyway.

For the first few months this was set up, we'd get tons of blacklist rejections because connections (always spammers) were coming in directly to our mail server. Once they started figuring out that they couldn't deliver mail directly, they started removing our direct IP from their lists. Now, we only get a few a day, and they're all from the same few IP addresses/ranges.

Scott
Previous Topic: Hardware Config KMS
Next Topic: leave messages on Server
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 21 09:20:11 CET 2017

Total time taken to generate the page: 0.00805 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.