Koozali.org: home of the SME Server

Change listening port for Inbound emails

Offline howard5091

« on: April 28, 2016, 05:12:47 PM »
Hello,

I am using a XEAMS email filtering appliance, and would like to change the SME server listening port 25 to some other port so that spammers will be less inclined to send directly to my SME server. The idea is to set the port to another value, and then set that port in XEAMS, so that anyone sending emails who tries to connect to the SME directly will not be able to without knowing the port that I set, but the XEAMS will be able to forward the legit emails using the new port. The XEAMS server has its own MX record with top priority, and the SME server is second in line. Most emails are coming in through the XEAMS server as they should, but it seems that some spammers have cached the IP of my SME server and are still hitting it directly. I tried to use "config setprop smtpd TCPPort someport" and then "/etc/init.d/qpsmtpd restart" along with "signal-event email-update", but it seems that the new port that I set may be getting blocked by the iptables firewall. Which commands would I use to properly reset the port and add the new rule(s) so that the new port is open to the outside?

Thank you and I hope this all makes sense.



Offline Daniel B.

Re: Change listening port for Inbound emails
« Reply #1 on: April 28, 2016, 05:26:23 PM »
This won't work. If you want only your appliance to be able to reach your SME Server's SMTP, then you should filter at the firewall level:

Code:
db configuration setprop smtpd AllowHosts <IP address of your appliance>
signal-event remoteaccess-update

Note, however, that it doesn't make sense for your SME Server to be listed in the MX if its port 25 is not reachable (because of firewall filtering, or because you used another port).
« Last Edit: April 28, 2016, 05:30:56 PM by Daniel B. »
It's the end of the world!!! :lol:

Offline howard5091

Re: Change listening port for Inbound emails
« Reply #2 on: April 28, 2016, 05:30:56 PM »
Thank you for the advice.  I removed the MX record a little bit ago after I thought about it.  The only issue is that my users still use the SME server to send emails through port 465 SSL.  Will changing the firewall as you mentioned block them from sending emails through the SME server?

Thanks again

Offline Daniel B.

Re: Change listening port for Inbound emails
« Reply #3 on: April 28, 2016, 05:34:38 PM »
Quote: Will changing the firewall as you mentioned block them from sending emails through the SME server?

As long as they use port 465 (with SSL), they won't be affected. Only if they use port 25 (with STARTTLS) will they be unable to relay anymore.

Offline howard5091

Re: Change listening port for Inbound emails
« Reply #4 on: April 28, 2016, 07:34:49 PM »
This has solved all of my issues!  Thank you very much.
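
An added example, not part of the original thread or of SME Server: a small Python check to confirm the result described in Replies #1 and #3, run once from the filtering appliance and once from an unrelated Internet host. The vantage names, the `EXPECTED` table and the function names are assumptions made for this illustration.

```python
import socket
import sys

# Expected reachability after the AllowHosts change (assumed vantage names):
# port 25 answers only the filtering appliance; port 465 stays open for users.
EXPECTED = {
    "appliance": {25: "open"},
    "other": {25: "blocked", 465: "open"},
}

def probe(host, port, timeout=3.0):
    """Return 'open' if a TCP connection succeeds, 'blocked' otherwise."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError:
        # Covers refused connections, timeouts (dropped packets) and
        # unreachable hosts; all mean the port is not usable from here.
        return "blocked"

def audit(vantage, host, probe_fn=probe):
    """Probe the ports relevant to this vantage and list any mismatches."""
    findings = []
    for port, want in EXPECTED[vantage].items():
        state = probe_fn(host, port)
        if state != want:
            findings.append(f"port {port}: expected {want}, got {state}")
    return findings

if __name__ == "__main__":
    # Usage: python3 check_smtp.py <appliance|other> <SME server address>
    problems = audit(sys.argv[1], sys.argv[2])
    print("\n".join(problems) or "policy matches")
    sys.exit(1 if problems else 0)
```

A non-zero exit from the "other" vantage with a finding on port 25 means the server still accepts direct SMTP from hosts other than the appliance.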