Scenario:
We are hosting our own email server locally. our firewall router have public ip 1.2.3.4 and forward incoming smtp port 25 traffic to barracuda email security gateway device, which then forward the email to our email server.
Now we have enabled the barracuda cloud control and in our web site public dns, we have changed MX record from 1.2.3.4 to use barracuda cloud x.x.x.x, so all of our inbound emails are now first arriving on barracuda cloud which then filter and send it to our 1.2.3.4 which filter and forward it to ESG (via our firewall router)
to enhance more security on smtp port on firewall router, is it possible that we only allow only barracuda cloud ip ranges to contact our firewall on port 25 ? currently our firewall router accepts port 25 traffic from any IP, is it better to restrict to accept smtp port 25 traffic from...