Hello Mailcow community,
I am setting up a Mailcow server and would like to restrict incoming email traffic on port 25 to only accept messages from a specific list of IP addresses (including but not limited to SpamTitan). The goal is to ensure that the server only processes SMTP connections from trusted sources and blocks all other traffic on port 25.
I have attempted to implement this restriction using nftables. I added custom rules to the DOCKER-USER chain to allow connections only from specific IP addresses. However, it seems Docker’s networking configuration may be overriding or bypassing these rules, as port 25 remains accessible to other sources.
Here’s my current setup:
I’m using nftables for firewall management.
I have placed rules in the DOCKER-USER chain to allow connections on port 25 only from specific IP addresses (including SpamTitan’s).
Despite these efforts, port 25 still allows connections from other addresses, suggesting Docker may be overriding or conflicting with my nftables setup.
Here’s an example of my nftables configuration:
table inet filter {
    chain DOCKER-USER {
        ip saddr != x.x.x.x tcp dport 25 drop comment "Allow only specific IPs"
        counter packets 0 bytes 0 return
    }
}
Has anyone successfully restricted port 25 to only allow traffic from a list of IP addresses while using Mailcow and Docker? I’d appreciate any tips, guidance, or example configurations to ensure that Mailcow only accepts SMTP traffic from trusted IPs.
Thank you for your help!
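Added example configuration (not from the question above and not Mailcow project code) showing the allow-list placed in the DOCKER-USER chain that Docker actually evaluates, which in Docker's default iptables mode lives in `table ip filter` and is reached by a jump from FORWARD, so rules in a separate hookless `inet filter` chain are never consulted. The interface name `eth0` and the addresses in the set are assumed placeholders.

```nft
# Load with:  nft -f /etc/nftables.d/mailcow-smtp.nft
# Do NOT put "flush ruleset" in this file: that would delete Docker's own
# tables and the jump into DOCKER-USER, leaving the containers unreachable.

# Declaring the table again is harmless; it merges with Docker's existing one.
table ip filter {
    # Named set so relay addresses can be added/removed without editing rules.
    # Placeholder addresses (documentation ranges); replace with real relays.
    set smtp_allow {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.0/24, 198.51.100.10 }
    }
}

# "insert" puts the rule at the top of DOCKER-USER, ahead of Docker's trailing
# "return", so it is checked before the packet is forwarded to the container.
# Match only the WAN interface so container-to-container and local relay
# traffic is unaffected; after Docker's DNAT the destination port is still 25.
insert rule ip filter DOCKER-USER iifname "eth0" tcp dport 25 ip saddr != @smtp_allow counter drop comment "SMTP only from trusted relays"
```

Verify with `nft list chain ip filter DOCKER-USER` that the rule sits above Docker's `return`, and test from an address outside the set. If IPv6 is enabled for Docker, a matching rule is needed in `ip6 filter DOCKER-USER` as well.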