Deny all access to SMTP/POP3 and enable only for specific IP

Jangan

Registered
Jun 24, 2018
2
0
1
Canada
cPanel Access Level
Root Administrator
Hello everyone,

I want to Deny all access to SMTP/POP3 and enable only for specific IP address.

so everyone will not be able to connect

[email protected] port 25 or 465 or 110 or 993

but i will enable 1 IP to connect to them

so allow ip EXTERNALIP to connect to MYSERVERIP
 

Jcats

Well-Known Member
PartnerNOC
May 25, 2011
797
152
168
New Jersey
cPanel Access Level
DataCenter Provider
You can use iptables but to make it easier to manage, install CSF:

https://configserver.com/cp/csf.html

Once installed, change the line in /etc/csf/csf.conf

Code:
TCP_IN
remove all the ports you referenced from that line

restart csf

Code:
# csf -ra
and then whitelist the IP you want access

Code:
# csf -a IP
 
  • Like
Reactions: sparek-3

keat63

Well-Known Member
Nov 20, 2014
1,387
108
93
cPanel Access Level
Root Administrator
I've tried this., and I'm pretty sure that you can't block port 25. By doing so you'll also block other email servers from connecting, resulting in you receiveing no emails at all.
Unfortunately, anyone can still then connect to smtp using port 25.




For starters, I would suggest to toy with HostAccessControl.

In HAC, add

POP3 .................... Your IP .......................... Allow
IMAP ..................... Your IP .......................... Allow

then

POP3 .................... All .......................... Deny
IMAP ..................... All .......................... Deny

Could you use the same rule for SMTP or would this cause problems with other email servers ???
 
Last edited: