Using ACLs to restrict SMTP access from specific hosts.
I recently had to configure a Citrix NetScaler (version 10.5) to load balance SMTP mail for an organisation. They were using Microsoft's smart mail host, so I wanted to restrict access to specific IP addresses. All configuration here is done via the CLI, but you can also do this in the GUI: navigate to Configuration / System / Network / ACLs.
The remote addresses I will use here are 1.1.1.1 and 2.2.2.2.
> add ns acl ALLOW-SMTP-1.1.1.1 ALLOW -srcIP = 1.1.1.1 -destPort = 25 -protocol TCP -priority 10
Done
> add ns acl ALLOW-SMTP-2.2.2.2 ALLOW -srcIP = 2.2.2.2 -destPort = 25 -protocol TCP -priority 20
Done
> add ns acl RESTRICT-SMTP-ALL DENY -srcIP = 0.0.0.0-* -destPort = 25 -protocol TCP -priority 50
Done
Note that there is no implicit deny or accept at the end of the ACL, so you must restrict the source addresses yourself.
After configuring the above ACLs, apply them:
> apply ns acls
Done
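To check a rule set like this before applying it, the added example below (not part of the original post) parses the three add ns acl commands above and models first-match evaluation in ascending priority order, so you can see which rule decides a given connection. It assumes that a packet matching no rule is allowed, that 0.0.0.0-* means any source address, and that only the = operator is used; parse_acls, src_matches and evaluate are hypothetical helper names.

```python
import ipaddress
import shlex

# The three commands from this page, used as input (CLI prompt stripped).
CONFIG = """\
add ns acl ALLOW-SMTP-1.1.1.1 ALLOW -srcIP = 1.1.1.1 -destPort = 25 -protocol TCP -priority 10
add ns acl ALLOW-SMTP-2.2.2.2 ALLOW -srcIP = 2.2.2.2 -destPort = 25 -protocol TCP -priority 20
add ns acl RESTRICT-SMTP-ALL DENY -srcIP = 0.0.0.0-* -destPort = 25 -protocol TCP -priority 50
"""

def parse_acls(text):
    """Parse 'add ns acl' lines into rule dicts, sorted by ascending priority."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:3] != ["add", "ns", "acl"]:
            continue
        opts = [t for t in tok[5:] if t != "="]  # drop the '=' operator token
        rule = {"name": tok[3], "action": tok[4].upper()}
        rule.update((k.lstrip("-").lower(), v) for k, v in zip(opts[::2], opts[1::2]))
        rule["priority"] = int(rule["priority"])
        rules.append(rule)
    return sorted(rules, key=lambda r: r["priority"])

def src_matches(spec, ip):
    """Match one address or a 'low-high' range ('*' as high: assumed no upper bound)."""
    low, _, high = spec.partition("-")
    addr = ipaddress.ip_address(ip)
    if not high:
        return addr == ipaddress.ip_address(low)
    top = ipaddress.ip_address("255.255.255.255" if high == "*" else high)
    return ipaddress.ip_address(low) <= addr <= top

def evaluate(rules, src_ip, dest_port, protocol="TCP"):
    """Return (action, rule name) of the first matching rule, or ALLOW if none match."""
    for r in rules:
        if "srcip" in r and not src_matches(r["srcip"], src_ip):
            continue
        if "destport" in r and int(r["destport"]) != dest_port:
            continue
        if "protocol" in r and r["protocol"].upper() != protocol.upper():
            continue
        return r["action"], r["name"]
    return "ALLOW", None  # assumed default: a packet matching no rule is allowed
```

Evaluating a source such as 3.3.3.3 on port 25 against only the two ALLOW rules returns ALLOW with no matching rule, which is why the catch-all DENY at priority 50 is required.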
If you need to remove the ACLs, you can remove one at a time:
> rm ns acl ALLOW-SMTP-1.1.1.1
or remove them all at once:
> clear ns acls