Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Need help understanding specific traffic rules (About incoming and outgoing services)
  •  
clooster

Messages: 7
Karma: 0
Send a private message to this user
I used to work with the old WinRoute Pro from Kerio;
with which you could define seperate incoming and outgoing traffic, and in each of them you could define the source port and destination port.
I used this structure to define a certain set of SMTP traffic rules which I'm having trouble defining in the new Kerio Control.

We have a mail server which is only allowed to receive incoming mail from a couple of ip addresses (defined in a group) but is allowed to connect to all outside mailservers to send email.

This used to be defined and controlled by following rules:
Outgoing :: mailserver:any_port -> Any:25 [Outgoing smtp traffic]
Incoming :: Any:25 -> mailserver:any_port [Returning smtp traffic]

Incoming :: Externalmailserver_ipgroup:Any -> mailserver:25 [incoming smtp traffic]
Outgoing :: mailserver:25 -> Externalmailserver_ipgroup:Any [returning inc smtp traffic]

This would limit incoming mails only to be received via those few defined mailserver; but would allow to connect to all mailserver when sending mail.


Can anyone help me define this in the new Kerio Control ?
My guess is

Source; mailserver | Destination; any | Service SMTP
Source; Externalmailserver_ipgroup | Destination; mailserver | Service SMTP

Is this right ? Does this block any traffic from outside to my mailserver on port 25 other then those defined in the Externalmailserver_ipgroup ??

I hope I'm making sense here ?!

Regards
Steve
  •  
mlee (Kerio)

Messages: 246
Karma: 16
Send a private message to this user
I have made a couple of same rules for your consideration (See attachment)

Things you might want to consider are:
- If your mailserver has internal IP addresses, you have to enable mapping;
- There are cases that you might want to include SMTPS in the service;
- If you want your local network to access smtp, please make sure there other rules that allow it.

  • Attachment: smtp.png
    (Size: 18.17KB, Downloaded 467 times)

PTSD. BP. OCD. ASPD. BPD. Certified.
  •  
clooster

Messages: 7
Karma: 0
Send a private message to this user
Thanks for the reply, that's what I needed.

Regards,
Steve
Previous Topic: Automatic IP BAN
Next Topic: Packet loss through Kerio Control 7.4.0
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Aug 21 21:41:03 CEST 2017

Total time taken to generate the page: 0.00431 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.