
Preventing direct access to the SMTP server?

Daniel15

Guest
Hi everyone,
Because of Plesk's lack of a proper SMTP server (e.g. Postfix or Exim), I set up a separate server to work as a spam filter, which filters emails for spam and then forwards these to my web server. I changed the MX record for all my domains to the FQDN of the spam filter, so other servers sending me emails would be connecting to my spam filter, rather than directly to the Plesk server.

Unfortunately, some spammers don't seem to read the MX record, and I still get a bit of spam (because SMTP is not blocked on the Plesk server, so they're still getting to me). My question is, is it possible to edit the configuration of the Plesk server so that only "localhost" and the spam filter can connect to the SMTP server? If so, what config files would I need to edit? The IP address of my Plesk server is 66.79.167.131, and the spam filter/gateway is 66.79.183.73.

Thanks.
 
Hi

As far as I know only Qmail is supported as MTA for Plesk for Linux/Unix at the moment.
I think the easiest way to have your task done is to set up the firewall using iptables.
Drop all the packets to 25 except the ones which come from localhost; this is not too
complex and should work without problems. It is also possible to use the Plesk firewall, which is configured through the GUI.
 
You may just redefine the smtp and smtps ports in /etc/services to something different and restart (x)inetd, so the general public will not bother you. Of course, the filtering server should be configured to use this port instead of the default 25th/465th (as well as all mail users of your Plesk server).
 
If you install spamdyke (which takes less than 15 mins) for qmail you can use one of its features to prevent any incoming smtp connections from any IPs other than your mailserver's (unless the connection is authenticated but that won't be a problem, and I think you can deal with that too if need be).

www.spamdyke.org
 
You may just redefine the smtp and smtps ports in /etc/services to something different and restart (x)inetd, so the general public will not bother you.
Ooh, thanks, that'll work for me :D

If you install spamdyke (which takes less than 15 mins) for qmail you can use one of its features to prevent any incoming smtp connections from any IPs other than your mailserver's
This sounds good as well, and is probably a better solution as opposed to changing the port. :)
I guess Spamdyke works on Debian Linux? I'm using Debian.

Thanks guys :D
 
You can do this with a basic firewall rule as well:


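# -I without a rule number inserts at the top, so give each rule an explicit position (ACCEPT above REJECT)
iptables -I INPUT 1 -p tcp --dport 25 -s <allowed ip> -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 25 -j REJECT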
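
iptables walks the INPUT chain top to bottom and acts on the first rule that matches, so the relative position of the ACCEPT and REJECT rules for port 25 decides whether the spam filter can still deliver. The script below is an added example, not part of any post in this thread: it reads `iptables -S INPUT` output and reports the verdict a given source address would get on port 25. The function names and both listings are constructed for illustration, 66.79.183.73 is the gateway address from the question, and 203.0.113.9 is a placeholder for an arbitrary outside host.

```shell
#!/bin/sh
# Added example, not from the thread. Reports what the first matching rule in
# `iptables -S INPUT` output does to a new remote TCP connection to port 25.
# Simplified model: exact -s host matches only; "-i lo" rules never match;
# targets other than ACCEPT/DROP/REJECT (LOG, jumps to other chains) are skipped.
verdict_for() {   # usage: iptables -S INPUT | verdict_for SRC_IP
    awk -v src="$1" '
    $1 == "-P" { policy = $3; next }      # chain policy applies if nothing matches
    $1 != "-A" { next }
    {
        s = proto = dport = iface = state = target = ""; neg = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "!") neg = 1
            else if ($i == "-s") s = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != "25") next
        if (iface == "lo") next
        if (state != "" && state !~ /NEW/) next
        if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
        if (neg) { print "UNSUPPORTED"; found = 1; exit }   # negation is not modelled
        if (s != "" && s != src && s != (src "/32")) next
        print target; found = 1; exit
    }
    END { if (!found) print (policy == "" ? "ACCEPT" : policy) }'
}

# Constructed listing: the state after two "-I INPUT" commands run ACCEPT first,
# REJECT second. Each -I without a rule number inserts at position 1.
reject_on_top() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 66.79.183.73/32 -p tcp -m tcp --dport 25 -j ACCEPT
EOF
}

# Constructed listing: loopback and the gateway accepted ahead of the REJECT.
accept_on_top() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 66.79.183.73/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
EOF
}
```

On a live server, pipe the real chain in with `iptables -S INPUT | verdict_for 66.79.183.73`; anything other than ACCEPT for the gateway means mail from the filter will not reach the Plesk host.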
 