How to prevent connection to smtp port?

Thread: How to prevent connection to smtp port?

  1. #1
    Member
    Join Date
    Dec 2003
    Posts
    39

    How to prevent connection to smtp port?

    Hi all,

    My company uses Interscan Viruswall NT for smtp server.

    I discovered that I can connect to port 25 and fire up some faked email. We confirmed with ORDB that it's not an open relay. But I guess you can still spam email inside the domain.

    So how can I prevent this? Block the connection or disable some commands? And we still want the email server functioning.

    Thanks for any help.
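    The myriad worlds are full of wonder; the vast universe holds a hundred thousand questions.
    A lonely traveler takes leave of you, wishing for company on the way home to China.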

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Are you connecting using an anonymous account
    or are you using a username\password to send mail?

    Is this from an external connection???

    AFAIK....strong access\username\password policy is the best protection.

    You may be able to tweak your program not to accept connections from external requests.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    I have never used Interscan Viruswall NT before, but with the ones I have used you can configure it to not accept connections from port 23 (telnet), which is the most common way of logging into an SMTP server for faking email reasons. Is it configured to allow anonymous logins? If so, configure it so it needs a user name and password for login. Then configure the mail client you use with the appropriate details.
    People on your network may be able to find the user name from whatever program you use but the password should be hidden, *********!
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    As long as the sender's (MAIL FROM: ) address and/or the receiver's (RCPT TO: ) address contains your company's domain name you should be able to "fake" an email. Your mailserver is supposed to do that. There's no way to prevent this except taking the mailserver off-line. But I guess that's not an option.

    I am assuming you meant connecting to port 25 from outside the company?

    Or is it port 25 inside the company?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    morganlefay: As far as I understand he is trying to prevent fake email from coming into his company... not users from accessing it.

    mikema: mail servers are relatively simple devices... they receive messages and deliver them to the proper recipient. While you could attempt to validate the domain the message has originated from, there is no way to validate the sender. If the sender of every email sent was validated it would really slow down the way we communicate with email, I'd shudder to think of the queues on some of the bigger mail servers. You can do some searches on here for things like "Fake Email" and "Spoofed Email" and you'll find a few discussions on it. Most people don't send fake email these days because it's too easy to get caught, mail headers give it away immediately. As for any spam you're receiving... deploy a spam filter on your mail server... It's going to catch the spam whether it goes directly to your SMTP server from a PC or from another SMTP server, the mail server can't distinguish the difference.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  6. #6
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    morganlefay: As far as I understand he is trying to prevent fake email from coming into his company... not users from accessing it.
    I guess I must have misunderstood the question.........

    Along with SirDice and Nokia.

    Obviously you gleaned spam out of the original question....

    We all seemed to have missed that

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #7
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    Is this the incoming mail server for your company?

    If so blocking port 25 will prevent mail from being delivered.

    If not are you sure port 25 is visible from outside the company network.

    Check your firewall setup.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  8. #8
    Member
    Join Date
    Dec 2003
    Posts
    39

    let me clear a bit

    1st of all, thanks, guys, for your quick help.

    My concern is faked email from inside, is there no way to prevent this? Since my VP doesn't like the idea that someone inside the company forges email to ask for some passwords, etc., and I think it's hard to trace that person, at least you cannot find any information from the header since it sends email on the server.

    Then maybe I will disable Telnet port 23?
    The myriad worlds are full of wonder; the vast universe holds a hundred thousand questions.
    A lonely traveler takes leave of you, wishing for company on the way home to China.

  9. #9
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Our mail server has email tracking....all internal email.

    Maybe yours does too??

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  10. #10
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914

    Re: let me clear a bit

    Originally posted here by mikema
    1st of all, thanks, guys, for your quick help.

    My concern is faked email from inside, is there no way to prevent this? Since my VP doesn't like the idea that someone inside the company forges email to ask for some passwords, etc., and I think it's hard to trace that person, at least you cannot find any information from the header since it sends email on the server.

    Then maybe I will disable Telnet port 23?
    Hey Hey,

    As SirDice said, you're asking how to stop your mail server from doing what it's supposed to do... If you have employees that you are worried about doing that, perhaps firing them is the best route to take. As far as finding the information, if everything is internal with private addressing, you should be able to track down the sender to their individual workstation using the mail headers... It'd actually be easier to track down the sender than if it was external.

    How does disabling telnet fit into the picture?

    MLF: sounds like ya don't agree with what I said... but I still stand by it... usernames and passwords aren't going to help prevent mail being sent... It'll limit who can send through the mail server, but not what information is going to be displayed when the other user receives it and sees the Sender... Unless the sarcasm I sensed wasn't really there but I doubt that.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
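
The header tracing mentioned in post #10, as an added example that is not part of the original thread: it walks a message's Received headers and reports the workstation address recorded by the first mail server you run, ignoring older lines the sender could have supplied. The sample message, host names, addresses and the `OUR_SERVERS` set are constructed, and the regexes assume the common `from HELO (... [ip]) by host` layout, which varies between mail servers.

```python
import email
import ipaddress
import re

# Constructed sample (hostnames, addresses and ids are made up): mail handed
# to an internal SMTP server by a workstation. The bottom Received line was
# supplied by the sender and names no server we run.
SAMPLE = """\
Received: from mailgw.corp.example ([10.0.0.5])
\tby mbox.corp.example with ESMTP id A1; Mon, 5 Jan 2004 10:15:02 -0500
Received: from payroll-server (ws-0417.corp.example [10.1.4.17])
\tby mailgw.corp.example with SMTP id 9F; Mon, 5 Jan 2004 10:15:01 -0500
Received: from mail.partner.example ([203.0.113.9])
\tby relay.partner.example with SMTP id 77; Mon, 5 Jan 2004 10:14:40 -0500
From: "IT Helpdesk" <helpdesk@corp.example>
To: user@corp.example
Subject: Password check

Please reply with your password.
"""

OUR_SERVERS = {"mailgw.corp.example", "mbox.corp.example"}  # assumed names

PATTERNS = {
    "helo": re.compile(r"^from\s+(\S+)", re.I),            # name the client claimed
    "ip": re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]"),    # address the server saw
    "by": re.compile(r"\bby\s+(\S+)", re.I),               # server that wrote the line
}

def _first(rx, text):
    m = rx.search(text)
    return m.group(1) if m else None

def received_hops(raw):
    """Parse Received headers, oldest first, into helo/ip/by dicts."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        hops.append({k: _first(rx, flat) for k, rx in PATTERNS.items()})
    return hops

def submitting_host(raw, trusted=OUR_SERVERS):
    """Oldest hop stamped by a server we run; older lines are unverified."""
    for hop in received_hops(raw):
        if hop["by"] in trusted and hop["ip"]:
            hop["internal"] = ipaddress.ip_address(hop["ip"]).is_private
            return hop
    return None
```

The returned address can then be matched against DHCP leases or switch logs for the timestamp in the same Received line.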
