Question Secure email reception from MX

[Erwan]

Hi all,

On a server (Plesk Obsidian 18) we have domain mail (Postfix / Dovecot). The MX domain names are hosted on another server (anti-spam system) which sends the flow of messages to our server.
Except that some spam still arrives on our server because the messages are sent directly to the IP of this server (old MX).

How is it possible with Plesk or iptables instruction to only allow the reception of message from the flows coming from the ip of the MX?

Thank you.

 

[Bitpalast]

You cannot use iptables for this, because then you will also block outgoing mail operations. You can of course block all incoming packets from different servers on port 25 except packets coming from your one anti-spam-solution, but when a mail goes out, the server needs to be able to talk with the recipient server, which won't work properly if you block port 25 for incoming packets. There might be a solution where you leave a port open for a certain amount of time when your server initiates the first packet to a destination, but it's still a very questionable setup.

I think the only way to achieve what you want is to manually edit the Postfix configuration. Here might be a good place to start on your case (last post in the thread by Viktor Dukhovni:

Postfix Users - Blocking mail from all but one domain

Blocking mail from all but one domain. Hi, I have a postfix-3.1.4 installation and have been given a request to block all incoming mail from all but a single specific domain and block all outgoing...

postfix.1071664.n5.nabble.com

The problem with an edit is that Plesk might overwrite changes of the Postfix configuration when you do parameter changes in Plesk.
This here could also help:

Postfix Per-Client/User/etc. Access Control

www.postfix.org