Hi Y’all, we’re an ISP and we provide our customers with our own email DNS addresses. We block port 25 for obvious reasons, but my problem is that a customer cannot use any other DNS email because of the port 25 blocking. I’ve tried making an accept rule in ip-firewall-filter rules that allows port 25 traffic to a specific SMTP IP address to go through, but it isn’t working. Any tips?
Mac
I use a simple rule, in this example my main (ISP) Mail server is 1.1.1.1 and a customer has a mail server someone else hosts at 2.2.2.2/32 and another customer at 3.3.3.3/32.
This rule blocks any destination TCP port 25 traffic that is not destined for the IP addresses listed in the address list SMTP-addr.
/ ip firewall filter
add chain=forward protocol=tcp dst-port=25 dst-address-list=!SMTP-addr action=drop comment="" disabled=no
/ ip firewall address-list
add list=SMTP-addr address=1.1.1.1/32 comment="ISP SMTP" disabled=no
add list=SMTP-addr address=2.2.2.2/32 comment="Cust1 SMTP" disabled=no
add list=SMTP-addr address=3.3.3.3/32 comment="Cust2 SMTP" disabled=no
I hope this helps.
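As an added illustration (not part of this thread and not RouterOS code), the following Python model walks a firewall chain the way RouterOS does: top to bottom, first matching terminating rule wins, and each match bumps that rule's packet counter. It reproduces the drop rule from the reply above with its negated address list, and then shows what happens when a broad accept rule sits earlier in the same chain: the SMTP rule never matches and its counter stays at zero. The addresses and packets are constructed placeholders; the `dst-port` matcher is simplified to a single port rather than the list/range syntax RouterOS accepts.

```python
import ipaddress

# Constructed address list mirroring the reply's example (placeholder addresses, not real servers)
ADDRESS_LISTS = {
    "SMTP-addr": [ipaddress.ip_network(a) for a in ("1.1.1.1/32", "2.2.2.2/32", "3.3.3.3/32")],
}

# Actions that do not end evaluation of a RouterOS chain
NON_TERMINATING = {"log", "passthrough"}


def list_match(addr, spec):
    """dst-address-list=<name> matches if addr is in the list; a leading '!' negates."""
    negate = spec.startswith("!")
    name = spec[1:] if negate else spec
    ip = ipaddress.ip_address(addr)
    hit = any(ip in net for net in ADDRESS_LISTS.get(name, []))
    return hit != negate


def rule_matches(rule, pkt):
    """Return True when every matcher present on the rule agrees with the packet."""
    if rule["chain"] != pkt["chain"]:
        return False
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst-port" in rule and rule["dst-port"] != pkt["dst_port"]:
        return False
    if "dst-address-list" in rule and not list_match(pkt["dst"], rule["dst-address-list"]):
        return False
    return True


def evaluate(rules, pkt):
    """Walk the chain top to bottom; the first matching terminating rule decides.
    Each match bumps the rule's packet counter, as the counters in
    '/ip firewall filter print stats' do."""
    for rule in rules:
        if rule_matches(rule, pkt):
            rule["packets"] += 1
            if rule["action"] not in NON_TERMINATING:
                return rule["action"]
    return "accept"  # implicit default when nothing in the chain matches


def smtp_rule():
    """The drop rule from the reply: TCP/25 to anything outside SMTP-addr."""
    return {"chain": "forward", "protocol": "tcp", "dst-port": 25,
            "dst-address-list": "!SMTP-addr", "action": "drop", "packets": 0}


# Constructed test traffic (chain, protocol, destination, port)
PACKETS = [
    {"chain": "forward", "protocol": "tcp", "dst": "1.1.1.1", "dst_port": 25},        # ISP relay
    {"chain": "forward", "protocol": "tcp", "dst": "2.2.2.2", "dst_port": 25},        # customer's hosted MX
    {"chain": "forward", "protocol": "tcp", "dst": "198.51.100.7", "dst_port": 25},   # unlisted host
    {"chain": "forward", "protocol": "tcp", "dst": "198.51.100.7", "dst_port": 587},  # submission port
    {"chain": "input",   "protocol": "tcp", "dst": "198.51.100.7", "dst_port": 25},   # wrong chain
]


def run(rules):
    """Return the verdict for each constructed packet under the given chain."""
    return [evaluate(rules, dict(p)) for p in PACKETS]


def rule_alone():
    """Chain containing only the SMTP drop rule: verdicts plus the rule's counter."""
    rules = [smtp_rule()]
    return run(rules), rules[0]["packets"]


def rule_behind_catch_all():
    """A broad accept earlier in the chain shadows the SMTP rule entirely, which is
    one common reason a freshly added rule shows zero packets in its counters."""
    rules = [{"chain": "forward", "action": "accept", "packets": 0}, smtp_rule()]
    return run(rules), rules[1]["packets"]


if __name__ == "__main__":
    print(rule_alone())             # (['accept', 'accept', 'drop', 'accept', 'accept'], 1)
    print(rule_behind_catch_all())  # (['accept', 'accept', 'accept', 'accept', 'accept'], 0)
```

The second scenario is the thing to check on the router when a rule shows no packets: compare its position against earlier forward-chain rules in `/ip firewall filter print stats`, since anything that accepts the traffic above it will keep the counter at zero.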
Done, but it doesn’t show any packets.