How to prevent connection to smtp port?

**mikema** · September 8th, 2005, 03:53 PM

Hi all,

My company uses Interscan Viruswall NT for smtp server.

I discovered that I can connect to port 25 and fire up some faked email. We confirm with ORDB it's not open relay. But I guess you can still spam email inside the domain.

So how can I prevent this? block the conection or disable some commands? and we still want email server functioning.

Thanks for any help.

***morganlefay*** · September 8th, 2005, 04:00 PM

Are you connecting using an annonymous account
or are you using a username\password to send mail?

Is this from an external connection???

AFAIK....strong access\username\password policy is the best protection.

You may be able to tweak your program not to accept connections from external requests.

MLF

***Nokia*** · September 8th, 2005, 04:03 PM

I have never ued Interscan Viruswall NT before but with the ones I have used you can configure it to not acccept connections from port 23 (telnet) which is the most common way of logging into a smtp server for faking email reasons, is it configured to allow annonomous login's? If so configure it so it needs a user name and password for login. Then configure the mail client you use with the approprate details.
People on your network may be able to find the user name from whatever program you use but the password should be hidden, *********!

***SirDice*** · September 8th, 2005, 04:05 PM

As long as the senders (MAIL FROM: ) address and/or the receivers (RCPT TO: ) address contains your company's domainname you should be able to "fake" an email. Your mailserver is supposed to do that. There's no way to prevent this exept taking the mailserver off-line. But I guess that's not an option.

I am assuming you meant connecting to port 25 from outside the company?

Or is it port 25 inside the company?

***HTRegz*** · September 8th, 2005, 04:08 PM

Hey Hey,

morganlefay: As far as I understand he is trying to prevent fake email from coming into his company... not users from accessing it.

mikema: mail servers are relatively simple devices... they recieve messages and send deliver them to the proper recipient. While you could attempt to validate the domain the message has originated from, there is no way to validate the sender. If the sender of every email sent was validated it would really slow down the way we communicate with email, I'd shudder to think of the queues on some of the bigger mail servers. You can do some searches on here for things like "Fake Email" and "Spoofed Email" and you'll find a few discussions on it.. Most people don't send fake email these days because it's too easy to get caught, mail headers give it away immediately. As for any spam you're receiving... deploy a spam filter on your mail server... It's going to catch the spam whether it goes directly to your SMTP server from a PC or from another SMTP server, the mail server can't distinguish the difference.

Peace,
HT

***morganlefay*** · September 8th, 2005, 04:33 PM

morganlefay: As far as I understand he is trying to prevent fake email from coming into his company... not users from accessing it.

I guess I must of misunderstood the question.........

Along with SirDice and Nokia.

Obviously you gleened spam out of the original question....

We all seemed to have missed that

MLF

***steve.milner*** · September 8th, 2005, 04:33 PM

Is this the incoming mail server for your company?

If so blocking port 25 will prevent mail from being delivered.

If not are you sure port 25 is visible from outside the company network.

Check your firewall setup.

Steve

**mikema** · September 8th, 2005, 04:34 PM

1st of all, thanks for you guys quick help.

My concern is faked email from inside, is there no way to prevent this? Since my VP doesn't like the idea that someone inside company forges email to ask some passwords, etc, and I think it' hard to trace that person, at least you can not find any inforamtion from header since it sends email on server.

then maybe I will disable Telent port23?

***morganlefay*** · September 8th, 2005, 04:40 PM

Our mail server has email tracking....all internal email.

Maybe yours does too??

MLF

***HTRegz*** · September 8th, 2005, 04:42 PM

Originally posted here by mikema
1st of all, thanks for you guys quick help.

My concern is faked email from inside, is there no way to prevent this? Since my VP doesn't like the idea that someone inside company forges email to ask some passwords, etc, and I think it' hard to trace that person, at least you can not find any inforamtion from header since it sends email on server.

then maybe I will disable Telent port23?

Hey Hey,

As SirDice said, you're asking how to stop your mail server from doing what it's supposed to do... If you have employees that you are worried about doing that, perhaps firing them is the best route to take. As far as finding the information, if everything is internal with private addressing, you should be able to track down the sender to their individual workstation using the mail headers... It'd actually be easier to track down the sender than if it was external.

How does disabling telnet fit into the picture?

MLF: sounds like ya don't agree with what I said... but I still stand by it... usernames and passwords aren't going to help prevent mail being sent... It'll limit who can send through the mail server, but not what information is going to be displayed when the other user receives it and sees the Sender... Unless the sarcasm I sensed wasn't really there but I doubt that.

Peace,
HT

Thread: How to prevent connection to smtp port?

Thread Tools

Display

How to prevent connection to smtp port?

let me clear a bit

Re: let me clear a bit

Posting Permissions