Deny all access to SMTP/POP3 and enable only for specific IP

[Jangan]

Hello everyone,

I want to Deny all access to SMTP/POP3 and enable only for specific IP address.

so everyone will not be able to connect

MYSERVERIP@ port 25 or 465 or 110 or 993

but i will enable 1 IP to connect to them

so allow ip EXTERNALIP to connect to MYSERVERIP

 

[Jcats]

You can use iptables but to make it easier to manage, install CSF:

https://configserver.com/cp/csf.html

Once installed, change the line in /etc/csf/csf.conf

TCP_IN

remove all the ports you referenced from that line

restart csf

# csf -ra

and then whitelist the IP you want access

# csf -a IP

 

[cPanelLauren]

You could also use Host Access Control to do this as well - you can control SMTP, POP3 and IMAP access using this feature. More information can be found in our documentation here: Host Access Control - Version 72 Documentation - cPanel Documentation

Thanks!

 

[keat63]

I've tried this., and I'm pretty sure that you can't block port 25. By doing so you'll also block other email servers from connecting, resulting in you receiveing no emails at all.
Unfortunately, anyone can still then connect to smtp using port 25.




For starters, I would suggest to toy with HostAccessControl.

In HAC, add

POP3 .................... Your IP .......................... Allow
IMAP ..................... Your IP .......................... Allow

then

POP3 .................... All .......................... Deny
IMAP ..................... All .......................... Deny

Could you use the same rule for SMTP or would this cause problems with other email servers ???