How to Disable SMTP Access
Question asked by Rafael Grecco - 5/15/2018 at 12:02 PM
I have a costumer with over 3000 e-mails accounts and he has a very specific request.
Sending e-mails (outgoing SMTP) should only be allowed through Webmail interface. Any e-mail sent from Outlook or any other e-mail client should not work.
I know that I can disable IMAP, POP and Webmail access from "Service Access". How do I disable SMTP access for a user?
If I disable "outgoing SMTP access" I understand that the user will not be able to send any e-mail, even from Webmail, correct? That's not what I need... I need only to disable it for e-mail clients.

4 Replies

Reply to Thread
Joe Wolf Replied
I'm not suggesting a solution, but I'm just thinking out loud. You might want to look into something like SquirrelMail or RoundCube webmail systems. You can tell them what port to use... so you could define a Binding Port that is non-standard that one of those webmail systems could use. I don't think you can set a port in SmarterMail webmail.

Just an idea.

Paul Blank Replied
Webmail protocols do NOT use port 25 (it uses HTTP/HTTPS browser protocols), but of course the mail server typically uses port 25 to communicate with the outside world.
So here is perhaps one way to do this (it probably has a cost):
At your router, lock down port 25 and shut off 465 (and lock down or disable 587, to be safe?) to the server from any machine on the LAN, while still allowing the server to communicate with the Internet on that port.
Pursuant to the above paragraph, also don't allow ports 465 or 587 through the firewall, from the Internet to the mail server.
Port 465 is for SSL, so if this is not enabled anyway on the mail server, it's not a problem.
Use a smarthost/outside gateway/relay host if you're not doing so already, such as Symantec email security.cloud. You then can (and should!) block inbound traffic to the mail server on port 25 EXCEPT for access to the mail server by the smarthost.
Rafael Grecco Replied
Hi Paul, thank you for your reply.

It will not work in this case... the server is on the internet, there is no LAN. I could disable port 587, but if someone configured Outlook to use port 25, it would work.

I also have a security gateway, but this is not a matter of security. My client simply does not want anyone (any employee) sending e-mails throught cellphones, e-mail clients, etc. It should be 100% through webmail.

The only way is to have a feature on Smartermail to disable users from sending e-mails from e-mail clients, like when we disable POP and IMAP access.

I don't believe such a feature exists, right?
Paul Blank Replied
The smarthost solution will probably  work. You need a router such as a Sonicwall or software router. Not sure if you can do this with Windows firewall.
And you need a smarthost. Also look at mail reflector from Noip.com.

Reply to Thread