Block Incoming SMTP Traffic from Internet except Specific IP Addresses
Posted by Roy Panetta on 28 October 2016 02:37 PM

In this application note we will show you how to configure a DrayTek Vigor router to only allow SMTP mail to the LAN from certain IP addresses on the Internet. 

First you need to configure port forwarding in the router to forward incoming mail traffic to your mail server. Refer to the application note here to configure Open Ports.

In our example we only want to allow SMTP from the following IP addresses:

210.71.123.0 / 255.255.252.0

69.88.123.224 / 255.255.255.224

44.56.78.192 – 44.56.78.207

 

Step 1:

Ensure that the Data Filter is enabled.

Picture-1

Step 2:

Start with Filter set 2.

We will create our firewall rules in a separate filter set (Set#3), so we need to set the Next Filter Set to Set#3.

Picture-2

Step 3:

Block SMTP port 25 from the Internet to the LAN.

Select the action “Block if No Further Match”. The SMTP traffic is blocked unless a later firewall rule matches it, so the router goes on to evaluate the rules that follow.

Picture-3

Step 4:

Create a firewall rule to allow port 25 through the firewall if the source IP address is in 210.71.123.0 / 255.255.252.0.

Picture-4

Step 5:

Create a firewall rule to allow port 25 through the firewall if the source IP address is in 69.88.123.224 / 255.255.255.224.

Picture-5

Step 6:

Create a firewall rule to allow port 25 through the firewall if the source IP address is in 44.56.78.192 – 44.56.78.207.

Picture-6

 

Completed Firewall Rules

Picture-7
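
To check what the three allow-list entries above actually cover before entering them, the following added example (not part of the original note and not DrayTek tooling) normalizes each entry with Python's ipaddress module and tests sample source addresses. The function names and test addresses are constructed for illustration, and it assumes the router applies the mask to the address as a subnet match normally does.

```python
import ipaddress

# Allow-list entries exactly as written in this note.
ALLOWED = [
    "210.71.123.0 / 255.255.252.0",
    "69.88.123.224 / 255.255.255.224",
    "44.56.78.192 – 44.56.78.207",
]

def parse_entry(entry):
    """Return the IPv4Network objects one allow-list entry covers.

    Accepts 'address / netmask' or 'first - last' (hyphen or en dash).
    """
    entry = entry.replace("\u2013", "-")
    if "/" in entry:
        addr, mask = (p.strip() for p in entry.split("/"))
        # Assumption: the mask is applied to the address, so host bits
        # set in the written address are ignored (strict=False).
        return [ipaddress.ip_network(f"{addr}/{mask}", strict=False)]
    first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-"))
    # A range may need several CIDR blocks; this one collapses to one.
    return list(ipaddress.summarize_address_range(first, last))

def allowed_networks(entries=ALLOWED):
    """Flatten all entries into a single list of networks."""
    nets = []
    for e in entries:
        nets.extend(parse_entry(e))
    return nets

def smtp_source_allowed(src, nets=None):
    """True if src falls inside any allow-listed network."""
    nets = allowed_networks() if nets is None else nets
    ip = ipaddress.ip_address(src)
    return any(ip in n for n in nets)

if __name__ == "__main__":
    for n in allowed_networks():
        print(f"{n}  ({n[0]} - {n[-1]}, {n.num_addresses} addresses)")
    # Constructed sample source addresses on either side of each boundary.
    for src in ["210.71.120.5", "210.71.124.1", "69.88.123.230", "44.56.78.208"]:
        print(src, "ALLOW" if smtp_source_allowed(src) else "BLOCK")
```

Under that assumption the first entry admits 210.71.120.0 through 210.71.123.255 (1024 addresses), not only the 210.71.123.x block its written address suggests.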

 
