Re: blocking telnet port 25 ?

From: Russ (rwsinclair@mcpmail.com)
Date: 02/13/03 

From: "Russ" <rwsinclair@mcpmail.com>
Date: Thu, 13 Feb 2003 05:56:42 -0800

SMTP is used for incoming and outgoing mail. Once it
makes its way into a user's mailbox, POP3 can be used to
retrieve the mail, but POP and IMAP have nothing to do
with DELIVERY of mail to a server.

>-----Original Message-----
>Thank you for your speedy answer.
>I thought that, on my Exchange 2K server, SMTP was used
only for outgoing
>mail and Pop3/Imap4 for ingoing mail.
>So I thought that I could block port 25 packets coming
from Internet.
>As it is now I can :
> telnet mymailserver.domain 25
>and send spam emails from fictitious user !
>I will see to put the mail server behing our isa firewall
server.
>Still thank you.
>Jean-Marie.
>Iesn/Belgium
>
>"Robert Moir" <bofh@mvps.org> wrote in message
>news:ONdTYyu0CHA.2076@TK2MSFTNGP10...
>> jmd wrote:
>> > Hello.
>> > I have a member Win2000 server with Exchange 2000 +
Conferencing
>> > Server + Outlook Web Access.
>> > It contains 2 nics : one to internal network, the
other to external
>> > network. All is working ok.
>> > Telnet server service is not installed (disabled) on
that machine
>> > (telnet myserver.domain.com denied (port 23 not
allowed)).
>> > But I see that I can :
>> > telnet myserver.domain.com 25
>> > without entering a user name & password.
>> >
>> > My question : how can I block a telnet access to any
port from
>> > internet ?
>>
>> You can't block access to a port if you need it open
for other purposes.
>> Port 25 is the SMTP mail port, which needs to be open
if this server needs
>> to send and receive email, and judging by what you
describe this server as
>> doing, I'd say thats likely.
>>
>> You *could* block this server off behind the firewall
and have something
>> else act as an SMTP smarthost on it's behalf, but your
SMTP smarthost will
>> need to have port 25 open to the internet so this is
moving the problem
>not
>> curing it.
>>
>> Its entirely natural for a system that talks to the
internet to expose
>some
>> ports to the internet. Why do you think this is a
problem?
>>
>> Rob
>> Microsoft MVP
>>
>>
>
>
>.
>

Relevant Pages

  • RE: Pop3 connector, DNS and mail receive problem...
    ... Server", in the previous post, we stop it for troubleshoot the POP3 ... If you need to forward internet email to your ISP ... To verify that you are successfully connected to the SMTP Mail Service, ... 265293 How to Configure the SMTP Connector in Exchange ...
    (microsoft.public.windows.server.sbs)
  • Re: blocking telnet port 25 ?
    ... > SMTP is used for incoming and outgoing mail. ... > with DELIVERY of mail to a server. ... >>So I thought that I could block port 25 packets coming ... >>> need to have port 25 open to the internet so this is ...
    (microsoft.public.win2000.security)
  • Re: SPAMBOT Symptoms?
    ... and that pronounces that server is not an open relay. ... The sender of messages in almost every SMTP queue entry was a single ... If you suspect it is internal, if you are using ISA, you can track port ... direct route to the internet and must go through the SBS box. ...
    (microsoft.public.windows.server.sbs)
  • RE: smarthosts and fwding outgoing mail to isp mail server
    ... Please double check if the OWA can send mail to internet. ... 821910 How to troubleshoot for Exchange Server 2003 transport issues ... You may mail the SMTP log and tracking log to my mail address: ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Exchange issues
    ... IP address that the MX record points, port forwarding is configured to route ... all traffic on port 25 to the SBS Exhange server. ... I suspected SMTP relaying becuase ... All the Exchange services are running and all looks fine. ...
    (microsoft.public.exchange2000.admin)