Re: blocking telnet port 25 ?
From: jmd (jm.dessaintes@iesn.be)
Date: 02/13/03
From: "jmd" <jm.dessaintes@iesn.be> Date: Thu, 13 Feb 2003 13:10:04 +0100
Thank you for your speedy answer.
I thought that, on my Exchange 2K server, SMTP was used only for outgoing
mail and POP3/IMAP4 for ingoing mail.
So I thought that I could block port 25 packets coming from the Internet.
As it is now, I can:
telnet mymailserver.domain 25
and send spam emails from a fictitious user!
I will see about putting the mail server behind our ISA firewall server.
Still thank you.
Jean-Marie.
Iesn/Belgium
"Robert Moir" <bofh@mvps.org> wrote in message
news:ONdTYyu0CHA.2076@TK2MSFTNGP10...
> jmd wrote:
> > Hello.
> > I have a member Win2000 server with Exchange 2000 + Conferencing
> > Server + Outlook Web Access.
> > It contains 2 NICs: one to the internal network, the other to the external
> > network. All is working OK.
> > Telnet server service is not installed (disabled) on that machine
> > (telnet myserver.domain.com denied (port 23 not allowed)).
> > But I see that I can:
> > telnet myserver.domain.com 25
> > without entering a user name & password.
> >
> > My question: how can I block telnet access to any port from
> > the Internet?
>
> You can't block access to a port if you need it open for other purposes.
> Port 25 is the SMTP mail port, which needs to be open if this server needs
> to send and receive email, and judging by what you describe this server as
> doing, I'd say that's likely.
>
> You *could* block this server off behind the firewall and have something
> else act as an SMTP smarthost on its behalf, but your SMTP smarthost will
> need to have port 25 open to the internet so this is moving the problem not
> curing it.
>
> It's entirely natural for a system that talks to the internet to expose some
> ports to the internet. Why do you think this is a problem?
>
> Rob
> Microsoft MVP
>
>
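
Added example, not part of the original thread: an open port 25 that answers without a password is how a server receives its own inbound mail, so the thing to check is which recipients it accepts from an unauthenticated client. The sketch below reads a saved telnet session and flags any `RCPT TO` for a non-local domain that the server accepted; the transcript, the `C:`/`S:` line prefixes and all domain names are constructed assumptions.

```python
import re

# Constructed sample session (not captured from a real server). "C:" lines are
# what a telnet user types, "S:" lines are the server's replies.
SAMPLE = """\
S: 220 mail.domain.example ESMTP
C: HELO probe.example
S: 250 mail.domain.example Hello
C: MAIL FROM:<nobody@fictitious.example>
S: 250 2.1.0 Sender OK
C: RCPT TO:<user@domain.example>
S: 250 2.1.5 Recipient OK
C: RCPT TO:<someone@elsewhere.example>
S: 550 5.7.1 Unable to relay
C: QUIT
S: 221 Bye
"""

RCPT = re.compile(r"RCPT TO:\s*<[^@>]+@([^>]+)>", re.I)
REPLY = re.compile(r"(\d{3})([ -]|$)")

def audit(transcript, local_domains):
    """Return (recipient_domain, reply_code, verdict) for each RCPT TO."""
    findings, pending = [], None
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            m = RCPT.match(text)
            pending = m.group(1).lower() if m else None
        elif side == "S" and pending is not None:
            m = REPLY.match(text)
            if not m or m.group(2) == "-":  # "250-..." is a continuation line
                continue
            accepted = m.group(1).startswith("2")
            if not accepted:
                verdict = "rejected"
            elif pending in local_domains:
                verdict = "inbound-ok"   # normal: server receives its own mail
            else:
                verdict = "open-relay"   # accepts mail for someone else's domain
            findings.append((pending, m.group(1), verdict))
            pending = None
    return findings

def is_open_relay(transcript, local_domains):
    """True if any non-local recipient was accepted in the transcript."""
    return any(v == "open-relay" for _, _, v in audit(transcript, local_domains))
```
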