In this application note we will show you how to configure a DrayTek Vigor router to only allow SMTP mail to the LAN from certain IP addresses on the Internet.
First you need to configure port forwarding in the router to forward incoming mail traffic to your mail server. Refer to the application note hereto configure Open Ports.
In our example we only want to allow SMTP from the following IP addresses:
220.127.116.11 / 255.255.252.0
18.104.22.168 / 255.255.255.224
22.214.171.124 – 126.96.36.199
Ensure that the Data Filter is enabled.
Start with Filter set 2.
We will create our firewall rules as a separate filter set (Set#3) so we need to select the Next Filter Set to be Set#3.
Block SMTP port 25 from Internet to the LAN.
Select the action “Block if No Further Match” to block the SMTP traffic and then run the next firewall rule.
Step 3.5 :
Create firewall rule to allow Port 25 through the firewall if source IP address is from 188.8.131.52 / 255.255.252.0
Create firewall rule to allow Port 25 through the firewall if source IP address is from 184.108.40.206/255.255.255.224
Create firewall rule to allow Port 25 through the firewall if source IP address is from 220.127.116.11 – 18.104.22.168
Completed Firewall Rules