IPsec configuration to allow SMTP only

Subject: IPsec configuration to allow SMTP only
Posted by:  bingyeo
Date: Mon, 7 Dec 2009

Hi

I have a box with MailEnable installed and I would like to use IPsec IP
filtering to allow only SMTP traffic to pass through the NIC which is
connected to a router, firewall disabled.

In the IPsec policy, I created 3 filters:

All traffic to 192.168.100.100 blocked
All ICMP traffic Permit
SMTP port 25 Permit

For SMTP port 25 filter:

Source address 192.168.100.100 (NIC's address. This IP is chosen as the
Outbound IP binding under SMTP connector properties as well)
Destination address Any IP Address
Mirrored checked
Protocol TCP
From port 25
To any port

For All Traffic to 192.168.100.100
Source address 192.168.100.100
Destination address Any IP Address
Mirrored Checked
Protocol Any

When I do a test send from a MailEnable account, the mail gets stuck in the
Outbound queue.
It gets sent successfully when I unassign the IPsec policy, so I know it has
got to do with the filter config.
I have tried changing the protocol source and destination ports (From 25 to
25, From 25 to Any, From Any to 25) but nothing works.

Can anyone help?
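
An added example, not part of the original post: a small Python model of the filter list described above, evaluated against the packets of a mail exchange to show which ones the policy lets through. It assumes the most specific matching filter decides (the way the Windows IPsec policy agent orders filters) and that the server resolves MX records over UDP 53; the remote addresses and ports are constructed samples, and `Filter`, `decide` and `trace` are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None                      # wildcard: any address, protocol or port
ME = "192.168.100.100"          # NIC address from the post

@dataclass(frozen=True)
class Filter:
    action: str                 # "permit" or "block"
    src: Optional[str]
    dst: Optional[str]
    proto: Optional[str]
    sport: Optional[int] = ANY
    dport: Optional[int] = ANY  # every filter in the post is mirrored

    def matches(self, pkt):
        fwd = (self.src, self.dst, self.proto, self.sport, self.dport)
        rev = (self.dst, self.src, self.proto, self.dport, self.sport)  # mirror
        return any(all(w is ANY or w == v for w, v in zip(want, pkt))
                   for want in (fwd, rev))

    def specificity(self):
        return sum(v is not ANY for v in
                   (self.src, self.dst, self.proto, self.sport, self.dport))

def decide(policy, pkt):
    """Action of the most specific matching filter; unmatched traffic passes."""
    hits = [f for f in policy if f.matches(pkt)]
    return max(hits, key=Filter.specificity).action if hits else "permit"

# Policy as posted: block all, permit ICMP, permit TCP from port 25 to any port.
POSTED = [Filter("block", ME, ANY, ANY),
          Filter("permit", ME, ANY, "icmp"),
          Filter("permit", ME, ANY, "tcp", sport=25)]
# Variant: adds "From Any to 25" and, as an assumption, DNS over UDP 53.
VARIANT = POSTED + [Filter("permit", ME, ANY, "tcp", dport=25),
                    Filter("permit", ME, ANY, "udp", dport=53)]

# Constructed packets (src, dst, proto, sport, dport); remote addresses are samples.
PACKETS = {
    "inbound SMTP to server": ("203.0.113.25", ME, "tcp", 40000, 25),
    "server reply from 25":   (ME, "203.0.113.25", "tcp", 25, 40000),
    "outbound MX lookup":     (ME, "192.168.100.1", "udp", 49152, 53),
    "outbound SMTP delivery": (ME, "203.0.113.25", "tcp", 49153, 25),
}

def trace(policy):
    return {name: decide(policy, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, policy in (("posted", POSTED), ("variant", VARIANT)):
        print(label, trace(policy))
```

In this model the "From port 25, To any port" filter only covers connections made to the server's own port 25; a delivery the server initiates leaves from an ephemeral port toward destination port 25, and any name lookup it depends on falls under the block-all filter unless it has its own permit filter.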

Replies