Block Incoming SMTP Traffic from Internet except Specific IP Addresses
Posted by Roy Panetta on 28 October 2016 02:37 PM
In this application note we will show you how to configure a DrayTek Vigor router to only allow SMTP mail to the LAN from certain IP addresses on the Internet.
First you need to configure port forwarding in the router to forward incoming mail traffic to your mail server. Refer to the application note here to configure Open Ports.
In our example we only want to allow SMTP from the following IP addresses:
18.104.22.168 / 255.255.252.0
22.214.171.124 / 255.255.255.224
126.96.36.199 – 188.8.131.52
Ensure that the Data Filter is enabled.
Start with Filter set 2.
We will create our firewall rules in a separate filter set (Set#3), so set the Next Filter Set to Set#3.
Block SMTP port 25 from Internet to the LAN.
Select the action “Block if No Further Match” so that SMTP traffic is blocked unless a later firewall rule matches it; the router then goes on to check the next firewall rule.
Create a firewall rule to allow port 25 through the firewall if the source IP address is in 184.108.40.206 / 255.255.252.0
Create a firewall rule to allow port 25 through the firewall if the source IP address is in 220.127.116.11 / 255.255.255.224
Create a firewall rule to allow port 25 through the firewall if the source IP address is in the range 18.104.22.168 – 22.214.171.124
Completed Firewall Rules
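Before entering the allow-list on the router, it helps to check which source addresses the rule order above would let through. The following Python sketch is an added example, not DrayTek code or part of the original note: it models a "block if no further match" rule followed by allow rules, and the addresses, the action names `block_if_no_further_match` and `pass`, and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample allow-list (documentation addresses, not the note's values),
# in the forms the note uses: two address/netmask subnets and one address range.
ALLOWED_SUBNETS = ["198.51.100.0/255.255.252.0", "203.0.113.32/255.255.255.224"]
ALLOWED_RANGES = [("192.0.2.10", "192.0.2.20")]
SMTP_PORT = 25


def build_rules():
    """Return the filter set as ordered (action, matcher) pairs."""
    # Rule 1 matches every source and blocks provisionally.
    rules = [("block_if_no_further_match", lambda src: True)]
    for spec in ALLOWED_SUBNETS:
        # strict=True rejects an address that is not aligned to its netmask,
        # a common typo when entering subnet rules by hand.
        net = ipaddress.ip_network(spec, strict=True)
        rules.append(("pass", lambda src, net=net: src in net))
    for first, last in ALLOWED_RANGES:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            raise ValueError(f"range start {first} is above range end {last}")
        rules.append(("pass", lambda src, lo=lo, hi=hi: lo <= src <= hi))
    return rules


def verdict(src_ip, dst_port, rules):
    """Simplified model of the evaluation order: a 'block if no further match'
    hit is provisional and is overridden by any later matching pass rule."""
    if dst_port != SMTP_PORT:
        return "not-covered"  # this filter set only concerns SMTP
    src = ipaddress.ip_address(src_ip)
    pending = None
    for action, matches in rules:
        if not matches(src):
            continue
        if action == "pass":
            return "pass"
        pending = "block"
    return pending or "not-covered"


if __name__ == "__main__":
    rules = build_rules()
    for ip in ("198.51.103.255", "198.51.104.0", "203.0.113.64", "192.0.2.15"):
        print(ip, verdict(ip, SMTP_PORT, rules))
```

Checking the first and last address of each entry, plus the address just outside it, catches an off-by-one netmask or a reversed range before the rule goes live.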