Re: block port 25 inbound but still send mail

From: Bill Zak. (billzakrowski@hotmail.com)
Date: 10/11/02


From: billzakrowski@hotmail.com (Bill Zak.)
Date: 11 Oct 2002 10:40:06 -0700

Thanks for the help, but I am still confused...

I guess my questions are really:

1. Do I have to allow both inbound and outbound connections on port 25
for my SMTP server to properly send email (I don't want it to receive
mail)?

2. Do I have to open any "high" ports on the firewall for the SMTP
server to properly send email? I wouldn't have a problem opening the
high ports on outbound, but I would feel kinda creeped out if I had to
open them inbound.

Cheers,
B.

"Tony Whitmore" <tony_whitmore@nospamhotmail.com> wrote in message news:<b_vp9.298$0O4.36235@wards>...
> Just a suggestion, but you could allow incoming connections from the IP
> address of your "real" SMTP server. Use your firewall to restrict access to
> just that one IP address though. Then see if your performance improves.
>
> Cheers,
>
> Tony Whitmore
>
>
> "Bill Zak." <billzakrowski@hotmail.com> wrote in message
> news:39d259cb.0210101720.6389b8a6@posting.google.com...
> > I have an SMTP server that I would like to use as a helper for our
> > "real" mail server. I would like the helper SMTP server to only send
> > email -- not receive anything.
> >
> > In my firewall config, I have opened up port 25 *outbound only* for
> > the helper server. Connections to the helper server on port 25
> > initiating from the outside world are rejected explicitly by our trusty
> > firewall.
> >
> > Most mail sends just great. However, I seem to get way, way more
> > undeliverable mail in the helper's queue than I think I should. Could
> > this be because the recipient's mail server wants to handshake or talk
> > to the helper before accepting the email, and because port 25 is
> > blocked the recipient refuses the mail?
> >
> > Also I am confused by this because I thought if there were any
> > handshaking required it would take place over a "high" port -- which
> > would also be blocked by my firewall.
> >
> > Hmmmm...
> > Any help is appreciated.
> > B.
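
An added example, not part of the original thread: a minimal Python model of a stateful packet filter holding the one rule described above (the helper may open new TCP connections to port 25, nothing may be opened toward it). It assumes the firewall tracks connection state; the addresses, ports and class names are constructed for illustration.

```python
from typing import NamedTuple

HELPER = "192.0.2.10"     # constructed address for the send-only helper
REMOTE = "198.51.100.25"  # constructed address for a recipient's mail server

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    new: bool  # True for a bare SYN (connection attempt), False for anything else

class StatefulFilter:
    """One rule: HELPER may open TCP connections to port 25. Everything else
    passes only if it belongs to a connection that rule admitted."""
    def __init__(self):
        self.flows = set()  # (helper port, remote address, remote port)

    def verdict(self, p: Packet) -> str:
        if p.src == HELPER:                      # outbound
            flow = (p.sport, p.dst, p.dport)
            if p.new and p.dport == 25:
                self.flows.add(flow)             # remember the ephemeral source port
                return "ACCEPT"
        else:                                    # inbound
            flow = (p.dport, p.src, p.sport)
        return "ACCEPT" if not p.new and flow in self.flows else "DROP"

def demo():
    fw = StatefulFilter()
    packets = [  # constructed traffic
        ("helper SYN to remote:25",        Packet(HELPER, 34567, REMOTE, 25, True)),
        ("remote SYN/ACK from port 25",    Packet(REMOTE, 25, HELPER, 34567, False)),
        ("remote 220 banner",              Packet(REMOTE, 25, HELPER, 34567, False)),
        ("helper MAIL FROM",               Packet(HELPER, 34567, REMOTE, 25, False)),
        ("remote SYN to helper:25",        Packet(REMOTE, 41000, HELPER, 25, True)),
        ("remote SYN to helper high port", Packet(REMOTE, 41000, HELPER, 34567, True)),
        ("stray reply, no matching flow",  Packet(REMOTE, 25, HELPER, 34568, False)),
    ]
    return [(label, fw.verdict(p)) for label, p in packets]

if __name__ == "__main__":
    for label, v in demo():
        print(f"{v:6}  {label}")
```

The replies arrive on the helper's high (ephemeral) port but are admitted by the flow table rather than by an inbound rule. A stateless packet filter has no such table and would need an explicit rule for non-SYN packets from source port 25.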
