Access Control

I need help understanding the Access Control settings.
I have 2014 SP1 installed on a SuSE 11 SP3, only one Post Office, Domain, and all agents are on this dedicated server.

I want to lock down incoming messages to specific internet IPs.
We have moved our email security to the cloud, thus the reason for this.
I made the necessary changes to the DNS server yesterday, and I came in early this morning in hopes of finishing up.
In the GWIA Access Control settings for the Default Class of Service, under SMTP Incoming, I added the IPs that the vendor said we would use under the 'Allow messages from:'

Question: In adding the IPs can I use wildcards for this? For example, if an IP Range is: 10.10.10.20-10.10.10.30, is 10.10.10.2? a valid entry?

I then selected 'Prevent incoming messages', clicked OK until I was all the way out of the GWIA settings, then restarted the GWIA agent.
I sent a test message from my personal (hotmail) account and it was immediately rejected as undeliverable.
(Naturally, I went back in and selected 'Allow incoming messages' until I can get a successful test).

I'm thinking that it might be the wildcard that is not acceptable?
If not, then I don't know what else I need to do.

I saw TID 7006146 - Configure GWIA to only allow inbound SMTP traffic from a specific site.
Which shows: In the Exceptions, "Allow messages from" section, put in an entry of, *@*.*
However, I don't THINK it applies since it lists only GW versions 6 - 8.(?)

Many thanks!

Stan
  • Hi.

    On 12.11.2014 13:56, Demaximis wrote:
    >
    > I need help understanding the Access Control settings.


    Yes. ;)


    > Question: In adding the IPs can I use wildcards for this?


    Answer: You don't and can't use IPs there.

    > I saw TID 7006146 - Configure GWIA to only allow inbound SMTP traffic
    > from a specific site.
    > Which shows: In the Exceptions, "Allow messages from" section, put in
    > an entry of, *@*.*
    > However, I don't THINK it applies since it lists only GW versions 6 -
    > 8.(?)


    It does apply, and is a dead giveaway that access control works based on
    email addresses (only), and not IPs.

    What you're looking for is a job for a firewall. It's outside the scope
    of what GWIA can do.

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de

  • Massimo, hate to burst your bubble, but access control does work for IPs.



    For whatever reason, the syntax to provide 'wildcarding' of addresses is not *, but you include a range of addresses you want to accept from, i.e., 10.10.10.5-100, using a - to specify the range.



    --Morris
  • I will give that a try tomorrow and I will report my results.

    Thanks Morris!:)
  • Morris,

    On 12.11.2014 21:54, Morris Blackham wrote:
    > Massimo, hate to burst your bubble, but access control does work for IPs.


    Thanks. I get old... :( ;)

    CU,
    --
    Massimo Rosen
    Novell Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • You too!? :rolleyes:

    I made the suggested changes and I got the same results: Test messages from my hotmail account to my work account weren't being delivered.
    So, I gave up on that "feature" and made settings in our firewall to prevent anything connecting to our mail server (port 25) except for the security servers.

    Stan
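
Added example, not part of the thread: for the firewall approach Stan ended up with, this Python sketch turns the address ranges quoted above into CIDR blocks for a port 25 allowlist and checks a sending address against them. The function names are hypothetical, and reading the short form 10.10.10.5-100 as a last-octet range is an assumption, not documented GWIA behaviour.

```python
import ipaddress


def parse_range(spec):
    """Return (first, last) for 'a.b.c.d', 'a.b.c.d-e.f.g.h' or the short 'a.b.c.d-N'."""
    spec = spec.strip()
    if "*" in spec or "?" in spec:
        # An entry such as 10.10.10.2? is a pattern, not a range; reject it
        # rather than guess which addresses it was meant to cover.
        raise ValueError(f"wildcard entry is not an address range: {spec!r}")
    start_text, dash, end_text = spec.partition("-")
    first = ipaddress.IPv4Address(start_text.strip())
    if not dash:
        return first, first
    end_text = end_text.strip()
    if "." in end_text:
        last = ipaddress.IPv4Address(end_text)
    else:
        # Assumed meaning of the short form: only the last octet changes.
        octet = int(end_text)
        if not 0 <= octet <= 255:
            raise ValueError(f"last octet out of range: {spec!r}")
        last = ipaddress.IPv4Address((int(first) & 0xFFFFFF00) | octet)
    if last < first:
        raise ValueError(f"range ends before it starts: {spec!r}")
    return first, last


def to_cidrs(spec):
    """Smallest list of CIDR blocks that covers exactly the given range."""
    first, last = parse_range(spec)
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]


def is_allowed(client_ip, specs):
    """True if client_ip falls inside any of the allowlisted ranges."""
    ip = ipaddress.IPv4Address(client_ip)
    return any(first <= ip <= last for first, last in map(parse_range, specs))


if __name__ == "__main__":
    # Ranges quoted in the thread; the client addresses are constructed samples.
    allowlist = ["10.10.10.20-10.10.10.30", "10.10.10.5-100"]
    for entry in allowlist:
        print(entry, "->", ", ".join(to_cidrs(entry)))
    for client in ("10.10.10.30", "203.0.113.7"):
        print(client, "allowed" if is_allowed(client, allowlist) else "blocked")
```

The range 10.10.10.20-10.10.10.30 needs four blocks, so a single CIDR entry on the firewall would either miss addresses or admit extra ones.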