KB00022601 Guide to Mailtraq Security
Because Mailtraq provides connectivity for your entire network through a single dial-up connection, it should also act as a responsible firewall, securing your network from machines on the Internet.
By default Mailtraq does not impose access restrictions. This is because without knowing the nature of your network, it may prevent some legitimate operations from taking place (for example, the arrival of mail on your network or remote access by your employees). It is therefore your responsibility to enable the appropriate security measures.
Deny Access to Everyone
Your TCP/IP network is likely to be Class C (that is, only the last number in the IP address changes between machines). A good measure would be to enable the firewall on each Mailtraq service and limit access only to those machines within that range, e.g. 192.168.1.*. Note that IP addresses are specific to network adaptors (e.g. your network card or modem), and as such the machine Mailtraq runs on may have two IP addresses. Thus the firewall controls access from the network adaptors. Since a dial-up adaptor is assigned its IP address by the Internet Service Provider (and this address must be unique) it is nearly impossible to assume another machine's identity and thus break through the firewall.
You may have seen the IP addresses mentioned above used on other machines, but those would have been assigned to a network card. In addition, the IP address range 192.168.*.* is reserved for Intranets and cannot be used on the Internet.
To implement this...
- Go to Options -> Server Properties and enter this range in the LAN tab
- Go to Options -> Services and for each service go to Access Control and select Option 3 (Local Area Network)
Note: Mail delivered via SMTP
If you receive any mail via SMTP (e.g. from your Internet Service Provider, or from other machines because you have a permanent connection) then clearly you cannot prevent machines from connecting to the SMTP Service.
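The following Python example is an added illustration, not Mailtraq code or part of the original article. It models the rule described above so you can check a LAN range before entering it: the wildcard range must lie wholly in private address space, services set to Local Area Network accept only addresses in that range, and SMTP stays open when mail arrives that way. All function names, the policy table and the sample connections are hypothetical and constructed for the example.

```python
import ipaddress

# RFC 1918 private ranges; the article's 192.168.*.* is the third one.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def wildcard_to_network(pattern):
    """Turn a trailing-wildcard range such as '192.168.1.*' into a network."""
    parts = pattern.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four dotted fields: {pattern!r}")
    fixed = parts.index("*") if "*" in parts else 4
    if fixed == 0 or any(p != "*" for p in parts[fixed:]):
        raise ValueError(f"wildcards must trail a fixed field: {pattern!r}")
    octets = parts[:fixed] + ["0"] * (4 - fixed)
    return ipaddress.IPv4Network((".".join(octets), fixed * 8))

def lan_range(pattern):
    """Accept the LAN range only if it lies wholly in private address space."""
    net = wildcard_to_network(pattern)
    if not any(net.subnet_of(p) for p in RFC1918):
        raise ValueError(f"{net} includes public addresses")
    return net

def allowed(service, source, lan, policy):
    """policy maps service -> 'lan' or 'any'; unlisted services get 'lan'."""
    if policy.get(service, "lan") == "any":
        return True
    return ipaddress.ip_address(source) in lan

def audit(pattern, policy, connections):
    """Return (service, source, allowed?) for each attempted connection."""
    lan = lan_range(pattern)
    return [(svc, src, allowed(svc, src, lan, policy))
            for svc, src in connections]

# Constructed sample data (service names and addresses are illustrative).
POLICY = {"SMTP": "any", "POP3": "lan"}
CONNECTIONS = [
    ("POP3", "192.168.1.20"),   # LAN client
    ("POP3", "192.168.2.20"),   # private, but outside 192.168.1.*
    ("POP3", "203.0.113.7"),    # Internet host (documentation range)
    ("SMTP", "203.0.113.7"),    # inbound mail must stay reachable
]

if __name__ == "__main__":
    for svc, src, ok in audit("192.168.1.*", POLICY, CONNECTIONS):
        print(f"{svc:5} {src:15} {'allow' if ok else 'deny'}")
```

A range such as 192.*.*.* is rejected by lan_range because it would admit Internet addresses alongside the Intranet ones.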