0 votes
I have an upstream email spam filtering provider that is listed as our MX record; they then pass our email on to us at our gateway/firewall router (ClearOS Business Edition 7.4-1) on port 25.
Email from their servers is the ONLY inbound email we want to receive...

Other misc info to paint the whole picture:
Our email server is another server on our LAN. I want to configure the ClearOS box, which CURRENTLY forwards port 25 traffic to our email server via port forwarding.

What is the best way to accomplish this on our ClearOS box, which is our gateway firewall? I am assuming this is a custom firewall entry, but maybe there is an app already for this.
Any and all help is appreciated.
George Miller
Saturday, March 27 2021, 06:42 PM
Responses (1)
  • Accepted Answer

    Sunday, March 28 2021, 09:01 AM - #Permalink
    0 votes
    You will need a custom firewall rule. With Custom Firewall rules you should always try them at the command line first in case they are wrong. An incorrect rule entered through the webconfig can cause the firewall to go into a restart loop. If this happens, you have to be comfortable with editing the file /etc/clearos/firewall.d/custom from the console, in case you need to delete the rule. I prefer the nano editor over vi.

    You will need to leave in place your current port forwarding rule. Then, at the command line try:
    iptables -I FORWARD -i your_external_interface ! -s your_external_filtering_service_IP -p tcp --dport 25 -j DROP
    If that works, change "iptables" to "$IPTABLES" and use the command in the Custom Firewall. It will only work for a single IP or subnet. If your provider uses multiple IPs, then it gets a bit harder.
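The rule from the answer above, generated with input validation in both the command-line form and the "$IPTABLES" form. This is an added example, not part of the original thread; it goes beyond the answer by also covering several provider sources, using one possible approach (a DROP inserted first, then an ACCEPT per source inserted above it). The function names, the interface eth0 and the documentation-range addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints rules only, never runs iptables itself.

# valid_src ADDR: true for dotted-quad IPv4 with an optional /0-32 prefix.
valid_src() {
    addr=${1%/*}
    case $1 in */*) pfx=${1#*/} ;; *) pfx=32 ;; esac
    case $pfx in ''|*[!0-9]*) return 1 ;; esac
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# smtp_rules CMD IFACE SRC...: print rules so only SRC... reach forwarded
# tcp/25 arriving on IFACE. CMD is "iptables" for the command-line trial,
# '$IPTABLES' for the Custom Firewall file.
smtp_rules() {
    cmd=$1 ifc=$2
    shift 2
    [ $# -ge 1 ] || { echo "no source given" >&2; return 1; }
    # Validate everything before printing, so a typo yields no partial rule set.
    for src in "$@"; do
        valid_src "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    if [ $# -eq 1 ]; then
        # Single source: the rule exactly as given in the answer.
        printf '%s\n' "$cmd -I FORWARD -i $ifc ! -s $1 -p tcp --dport 25 -j DROP"
        return 0
    fi
    # Several sources: -I inserts at the top of the chain, so the DROP goes
    # in first and every ACCEPT inserted afterwards ends up above it.
    printf '%s\n' "$cmd -I FORWARD -i $ifc -p tcp --dport 25 -j DROP"
    for src in "$@"; do
        printf '%s\n' "$cmd -I FORWARD -i $ifc -s $src -p tcp --dport 25 -j ACCEPT"
    done
}

# Constructed sample input (placeholder interface and addresses).
smtp_rules '$IPTABLES' eth0 192.0.2.10 198.51.100.0/24
```

In the multi-source form the ACCEPT rules sit at the top of FORWARD, so port 25 traffic from those sources is accepted there and is not evaluated by any later FORWARD rule.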