How to prevent connection to smtp port?

SMTP is a very, nieve protocol. It trusts that you are who you say you are, which from a security (or spam) point of view is BAD. You can turn on SMTP authentication which will require users to authenticate before being able to send. Clients will need to be reconfigured to authenticate. You obviously can't block port 25, or you won't be able to send and receive email, but you should restrict your server from relaying from any IP that is not in your network. This will prevent outsiders from relaying through your server. I don't know the exact steps to do this on your specific server, but atleast the concepts should be the same.

Quote:

---

Originally posted here by morganlefay
Our mail server has email tracking....all internal email.

Maybe yours does too??

MLF

---

Yes, I think so.

Steve said blocking port 25 will solve the problem if it's from inside, how to do that?

What is your mail server, most can be configured to only accept a from address that is within a list of allowed domains:

Eg [email protected] is ok but [email protected] would be rejected.

However what is very difficult to stop is someone forging [email protected].

Consider using some form of authentication on the smtp server (local network side) so that a user must be validated

Steve

Quote:

---

Originally posted here by mikema
Steve said blocking port 25 will solve the problem if it's from inside, how to do that?

---

That's not what I meant, and is not relevant to your situation.

What I was assuming was the your mail server was only handling internal mail but was accessable from outside.

Your situation is stopping internal users from forging internal from address to SE a password etc.

You need to consider user authentication on the internal NIC of your mailserver.

Steve

Quote:

---

Originally posted here by mikema
Yes, I think so.

Steve said blocking port 25 will solve the problem if it's from inside, how to do that?

---

If you block port 25, you won't be able to send or receive email. Port 25 is how email servers talk to each other, and how they accept new mail.

When you send an email, it is first sent to your SMTP server via port 25. Then the server connects to the server listed in the MX record of the receiving domain and sends it to that server via port 25. As you can see, having this port open is very much needed.

Quote:

---

Originally posted here by steve.milner
That's not what I meant, and is not relevant to your situation.

What I was assuming was the your mail server was only handling internal mail but was accessable from outside.

Your situation is stopping internal users from forging internal from address to SE a password etc.

You need to consider user authentication on the internal NIC of your mailserver.

Steve

---

Sorry Steve, I misunderstood. :)

SO I will suggest to my VP, fire them or configure user authentication.... need find more information...

I guess it comes down to user name and password authentication :rolleyes:

Quote:

---

usernames and passwords aren't going to help prevent mail being sent

---

As I cannot send mail or open my bosses mail...unless I use the admin account...or his account and I would need his password to do that

As for spoofing a "from address"....the email can then be tracked back to the original sender and then dealt with from there.

Quote:

---

Unless the sarcasm I sensed wasn't really there but I doubt that.

---

Just was wondering why I was singled out...

I guess I am just plain misunderstanding the original question.......as with other people

MLF

Quote:

---

Originally posted here by mikema
Sorry Steve, I misunderstood. :)

SO I will suggest to my VP, fire them or configure user authentication.... need find more information...

---

Ok here's what I understand of your situation. You are worried about people connecting to your port 25 and forging emails? Correct me if I'm wrong.

I'm pretty sure you can set a timing thing so if someone stops typing for a set amount of seconds it will automatically disconnect them from the server. If someone does manage to forge and email, depending on what email program you use, you should be able to find the X-Originating-IP which should be the IP address from the computer that sent the forged mail, then you should be able to track down that IP and report it.