We are using MessageLabs to filter our email. I have been trying to lock down our firewall to only accept smtp connections from the messagelabs mail servers using the following; INPUT -p tcp -m tcp --dport 25 -m iprange --src-range xxx.xxx.xxx.xxx-xxx.xxx.xxx.xxx -j ACCEPT I have done this for each of ML's IP ranges. However, some mail is still getting through from other hosts (spammers) by directly connecting to our mail server. What else do I need to lock down to prevent this? Thank you.