Blocking users trying to connect to outside mail servers
  •  
ebatte

Can someone advise me on how to block users from accessing smtp/pop/imap of their ISPs using a mail client?

I don't want users configuring their email clients to access hotmail, etc.

What does the traffic policy need to be?

thanks,
Eric
  •  
winkelman

Simply block the smtp/pop/imap protocols...
Suggested reading chapter 6: http://www.kerio.com/manual/kwf/en/ch06.html
  •  
ebatte

I guess I neglected to mention that I have a Kerio Mailserver running on another computer that is behind the KWF firewall. If I block those services then the KMS machine will not be able to send/receive messages.

Is there a way to only allow the KMS machine access through the firewall for those services?

Eric
  •  
winkelman

Sure, just block all traffic on these protocols and put another traffic policy ABOVE the blockade that allows this traffic for your mailserver.
  •  
ebatte

Thanks for the help. I'm not getting this right, though.

I set up a policy:

Source: KMS IP
Destination: cable modem
Service: SMTP, IMAP, POP3
Action: allow

And I placed it ahead of the NAT and FIREWALL TRAFFIC policies. One of these is what is allowing email communication with the KMS machine.

They include:

NAT
Source: Dial-in, Local Area Connection
Destination: Cable Modem
Service: SMTP, IMAP, POP3
Action: allow

FIREWALL TRAFFIC
Source: Firewall
Destination: Cable Modem
Service: SMTP, IMAP, POP3
Action: allow

When my new policy is enabled and ahead of these two, no email from the KMS machine gets past the firewall.

Can you tell me what I did wrong?

thanks again,

Eric
  •  
feite

rule 1 - allows mailserver to access internet (to send mail)
name: kerio mail
source: kerio mail server
dest: internet
service: SMTP, POP3, IMAP
action: allow
translation: nat default outgoing

rule 2 - block mail traffic from all pc's in the lan which are not allowed by rule 1
name: block mail from lan
source: lan
dest: internet
service: SMTP, POP3, IMAP
action: deny

rule 3 - allows access to internet from lan for specified services
name: internet access from lan
source: lan
dest: internet
service: <specify services>
action: allow
translation: nat default outgoing
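
The ordering used in the three rules above can be checked offline. The following is an added example, not part of the thread and not Kerio code: a small first-match evaluator that models the rules in the posted order and reports any rule hidden by an earlier, broader one. The addresses, the web ports standing in for `<specify services>`, and the implicit final deny are assumptions; the destination (always "internet") and NAT translation are not modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption, not from the thread).
LAN = ip_network("192.168.1.0/24")
MAIL_SERVER = ip_network("192.168.1.10/32")
MAIL_PORTS = {25, 110, 143}   # SMTP, POP3, IMAP
WEB_PORTS = {80, 443}         # stand-in for "<specify services>"

# The three rules in the posted order: (name, source, ports, action).
RULES = [
    ("kerio mail", MAIL_SERVER, MAIL_PORTS, "allow"),
    ("block mail from lan", LAN, MAIL_PORTS, "deny"),
    ("internet access from lan", LAN, WEB_PORTS, "allow"),
]

def evaluate(rules, src, dport):
    """Return (action, rule name) of the first rule matching an outbound connection."""
    for name, source, ports, action in rules:
        if ip_address(src) in source and dport in ports:
            return action, name
    return "deny", "implicit default"  # assumption: unmatched traffic is dropped

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them entirely."""
    hidden = []
    for i, (name, source, ports, _) in enumerate(rules):
        for _, e_source, e_ports, _ in rules[:i]:
            if source.subnet_of(e_source) and ports <= e_ports:
                hidden.append(name)
                break
    return hidden

if __name__ == "__main__":
    for src, port in [("192.168.1.10", 25), ("192.168.1.57", 25),
                      ("192.168.1.57", 143), ("192.168.1.57", 443)]:
        print(src, port, evaluate(RULES, src, port))
    # Placing the block rule first hides the mail server's allow rule.
    swapped = [RULES[1], RULES[0], RULES[2]]
    print("shadowed after swap:", shadowed(swapped))
```

Running `shadowed()` against an exported rule list before enabling a new deny rule shows whether an exception placed below it would ever be reached.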