[BlueOnyx:12454] Re: Allow Inbound Email From Only One IP or Host

Gerald Waugh gwaugh at frontstreetnetworks.com
Wed Mar 6 17:57:32 -05 2013


On 03/06/2013 04:32 PM, David Hahn wrote:
> Hi all,
> I have a Blue Quartz 5100 still running the old
> nuonce/solarspeed av/spam package. It no longer
> updates sa and clam etc... With the garbage being
> sent it no longer has much of a chance protecting
> mail as well as the current av/spam package does.
> BTW, the current package works GREAT!
>
> Using 2 servers: one the MX points to, with the av/spam
> package on it (server 1 BO5601). It then scans the mail and
> sends it to the BQ5100 server 2.
>
> My question is, how do I stop mail from bypassing
> the MX records and going around server 1 and directly
> to server 2?
>
> If I use iptables to block port 25 for all but
> one IP address, local mail, users' mail, admin, root, etc.
> quits sending on server 1.
Taking a wild guess here, but try adding this rule before the rule(s) below;
it should allow localhost access:
iptables -I INPUT 1 -i lo -p tcp --dport 25 -j ACCEPT
>
> # iptables -A INPUT -s ! 1.2.3.4 -p tcp --dport 25 -j REJECT
> or
> # iptables -A acctin -s ! 1.2.3.4 -p tcp --dport 25 -j REJECT
>
> What other rule would I use to keep the localhost and domains
> and the internals happy on server 2 and only allow mail from
> server 1 and nowhere else, or a more permanent, better way to
> do so?
>
-- 
Gerald
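
The rule ordering suggested in this reply, written out as a complete port 25 rule set for server 2. This is an added example, not part of the original thread; it goes one step further by giving server 1 its own ACCEPT and inserting the REJECT by position, and it assumes `1.2.3.4` (the thread's sample address) for server 1 and hypothetical function names.

```sh
#!/bin/sh
# Added example. 1.2.3.4 stands in for server 1's address (sample value
# from the thread); function names are hypothetical.

# Accept only a dotted-quad IPv4 address, so a typo cannot yield a rule
# set that rejects the relay itself.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands in evaluation order. iptables stops at the first
# matching rule, so both ACCEPTs must sit above the REJECT.
smtp_rules() {
    relay_ip=$1
    valid_ipv4 "$relay_ip" || { echo "invalid relay IP: $relay_ip" >&2; return 1; }
    # 1. Mail submitted on the box itself (users, admin, root) uses loopback.
    echo "iptables -I INPUT 1 -i lo -p tcp --dport 25 -j ACCEPT"
    # 2. Server 1, the scanning relay the MX record points to.
    echo "iptables -I INPUT 2 -s $relay_ip -p tcp --dport 25 -j ACCEPT"
    # 3. Any other host connecting straight to SMTP on server 2.
    echo "iptables -I INPUT 3 -p tcp --dport 25 -j REJECT"
}

# Dry run unless APPLY=1 is set (run as root to apply).
apply_smtp_rules() {
    smtp_rules "$1" | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then $cmd; else echo "would run: $cmd"; fi
    done
}

apply_smtp_rules 1.2.3.4
```

After applying, `iptables -L INPUT -n --line-numbers` shows whether the three rules sit at positions 1 to 3 of the INPUT chain.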


