Close port 25 to clients but open for mail servers?
I've sort of discussed this on here before, but don't recall finding a solution.
Maybe there is no solution.
In CSF I have all email ports closed globally, but whitelisted the UK.
I also have CSF configured, in the event that you fail authentication three times, the IP is blacklisted.
The problem I have is that I can't close port 25.
If I do so, then this closes the port for legitimate traffic, i.e. other mail servers, which then kills all email.
A consequence of this is that I still see failed global SMTP authentication attempts; I can only assume these are potential bad guys trying to authenticate on port 25.
It's not a huge problem as I guess 99% of authentication attempts are probably already being denied in the background, and the remaining 1% are being blacklisted after 3 failed attempts.
It doesn't stop them retrying though, sometimes resulting in a Block C blacklisting.
Is it possible to somehow have port 25 closed to clients, but open to servers?
Do mail servers do some form of handshake to say "hey, I'm a server"?
Doing what you are suggesting is not possible afaik. Ports are either open or closed in the firewall, it can't make a distinction between a server connection and a client connection.
Yes, I suspect this is the case.
Do mail servers do some form of handshake to say "hey, I'm a server"?
No, they do not. Your only solution is to require SMTP authentication for relaying mail (sending mail from the server to domains that don't exist on your server ... i.e. exist in /etc/localdomains). That's how the distinction is made. If a connection comes into your mail server and its recipient domain is not a local domain... then that connection is relaying out mail. You will want to restrict who can relay out mail to properly authenticated accounts. If a connection comes into your mail server and its recipient domain is a local domain... then the message is delivered appropriately to the account as stated... assuming it exists.
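The decision Sparek describes happens in the mail server, not the firewall: a TCP connection to port 25 looks the same whether it comes from another MTA or from a client, so the server looks at the RCPT TO domain and at whether the session authenticated. The following is an added illustration of that logic in Python (it is not code from the thread, CSF or cPanel/Exim); the local-domain set, the IP addresses and the three-failure threshold are constructed values chosen to match what the thread describes.

```python
# Added example, not from the thread: a minimal model of SMTP relay control.
# The firewall can only say "port 25 open/closed"; the MTA separates
#   - inbound delivery (recipient domain is local)  -> accept from anyone
#   - outbound relay   (recipient domain not local) -> require authentication
# plus a per-IP failed-AUTH counter that mirrors "three failures -> blacklist".

from collections import defaultdict
from dataclasses import dataclass, field

# Constructed stand-in for the contents of /etc/localdomains.
LOCAL_DOMAINS = {"example.com", "mail.example.com"}

# Constructed threshold mirroring the CSF setting described in the thread.
MAX_AUTH_FAILURES = 3


@dataclass
class Session:
    """State of one SMTP session as seen at RCPT TO time."""
    client_ip: str
    authenticated: bool = False  # set True only after a successful AUTH


@dataclass
class RelayPolicy:
    local_domains: set
    max_auth_failures: int = MAX_AUTH_FAILURES
    auth_failures: dict = field(default_factory=lambda: defaultdict(int))
    blocked_ips: set = field(default_factory=set)

    def record_auth_attempt(self, ip: str, success: bool) -> bool:
        """Count failed AUTH attempts per source IP.

        Returns True if the IP is (now) blocked. A later success does not
        unblock an IP that already crossed the threshold.
        """
        if success:
            self.auth_failures.pop(ip, None)
            return ip in self.blocked_ips
        self.auth_failures[ip] += 1
        if self.auth_failures[ip] >= self.max_auth_failures:
            self.blocked_ips.add(ip)
        return ip in self.blocked_ips

    def rcpt_decision(self, session: Session, recipient: str) -> str:
        """Decide what to do with one RCPT TO address in this session."""
        if session.client_ip in self.blocked_ips:
            return "reject: client IP blocked after repeated AUTH failures"
        if "@" not in recipient:
            return "reject: malformed recipient"
        domain = recipient.rsplit("@", 1)[1].lower()
        if domain in self.local_domains:
            # Inbound mail for a hosted domain: this is what remote mail
            # servers legitimately do on port 25, so no AUTH is required.
            return "accept: local delivery"
        if session.authenticated:
            # Recipient is elsewhere, but the session proved it is one of
            # our users, so relaying out is allowed.
            return "accept: authenticated relay"
        # Recipient is elsewhere and nobody authenticated: an open relay
        # would accept this; a correctly configured server refuses it.
        return "reject: relay not permitted"


if __name__ == "__main__":
    policy = RelayPolicy(local_domains=set(LOCAL_DOMAINS))
    remote_mta = Session("203.0.113.5")                       # constructed IP
    print(policy.rcpt_decision(remote_mta, "bob@example.com"))
    print(policy.rcpt_decision(remote_mta, "someone@other.net"))
    our_user = Session("198.51.100.7", authenticated=True)    # constructed IP
    print(policy.rcpt_decision(our_user, "someone@other.net"))
    for _ in range(MAX_AUTH_FAILURES):                         # constructed IP
        blocked = policy.record_auth_attempt("192.0.2.9", success=False)
    print("192.0.2.9 blocked:", blocked)
```

The point to take from the two `accept` branches is that a remote mail server and an unauthenticated client both reach the same port and the same code path; only the recipient domain separates them, which is why a firewall rule on port 25 cannot do this job and why the failed-AUTH counter is the right place to deal with the retries the original post describes.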
Hello @keat63, I concur with the other posts here. Let us know if you have any additional questions. Thank you.
Hi Sparek, I don't quite follow. However, I'm confident that I'm pretty much locked down, so I'll settle with what I have I guess.