telnet smtp on port 25

russus
Hi Experts

I am a rookie on security and hope somebody could help.

it's a telnet question; if anybody does a telnet command "o www.mydomainname.com 25" they get connected to the dedicated server so i assume this is where the website is hosted.

But also when doing a telnet smtp.mydomainname.com 25, they also get connected. Is this a flaw on our network?

i read that i would need to block port 25, is this the solution to go forward?

we use web access, so blocking 25 on the firewall would affect our email?
we use an external email antivirus protection.

thank you for reading and appreciate your help
Busbar, Solutions Architect

Commented:
This is correct.
For www.domain.com, most probably the company that hosts your website is providing SMTP service, so you can connect to their servers.
smtp.domain.com is your server and this is where your mail server resides. You don't want to block port 25 unless you don't want to receive internet email. This is correct and expected behavior.

Author

Commented:
Thanks Busbar, when I try to telnet my old work's SMTP I get connection failed.
Is there a way to restrict access or password protect telnet?

thank you
Busbar, Solutions Architect

Commented:
Nope, maybe they changed the IP or something, but you can even telnet to Hotmail and Google and there is no way to work around it.

Steve, Architect/Designer

Commented:
If www.domain.com and smtp.domain.com point to the same external IP/internal server, you are stuck, as disabling one will stop the other too.

The www. and smtp. info is just a pointer to an IP. If they both point to the same IP address, they are effectively the same connection.

If they are different servers/external IPs, you should be able to set the firewall not to allow port 25 traffic unless it's on the correct IP.

Author

Commented:
The www and the smtp are on different external IPs. Our emails go to an external spam filtering service, and we use web access. So what would happen if I block port 25?
Solutions Architect
Commented:
OK, how did you receive emails from your spam filtering? If you receive them using SMTP/TLS, then you can block port 25 and use SMTPS.
If you are receiving using SMTP, then ask your spam filter to provide you with a list of IPs that will send you emails and configure the firewall to accept SMTP port 25 traffic only from those IPs.

Author

Commented:
In Exchange Server under SMTP properties, the option "forward all mail through this connector..." is ticked and the address is the post2.emailfilteringservice.com address. But I'm not sure if I'm receiving them using SMTP/TLS or just SMTP. I'll call the filter guys.
Steve, Architect/Designer
Commented:
@russus

If www. and smtp. are different external IPs you may be in luck.

Port 25 is only used for email, so you can block port 25 for www. (preferably on the firewall, but it can be done on the server if necessary).

If this is also the server that the external spam filter sends messages to after filtering, you need to be careful as they may use this port to get messages into your server.

If this is the case, you have two simple options:
change the port the external spam filter uses to connect to your e-mail server (as long as you agree a port with them before you change it on your server)
or
set your e-mail system to ONLY accept connections from the IP of the external spam filter system.

I'd recommend the last one as this is probably the easiest option and doesn't involve the external spam filter providers having to do anything.

Author

Commented:
Thank you guys, I have asked our filtering service to send me their IP range, then I will block port 25 from all connections except those IPs.
Thank you for your help.
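
An added example, not part of the original thread: before enforcing the "port 25 only from the filter's IPs" rule discussed above, it helps to check existing firewall logs for sources that currently reach port 25 and would be cut off. The CIDR ranges and the log format below are assumptions (documentation addresses and a constructed sample), to be replaced with the provider's real list and your firewall's export.

```python
import ipaddress
from collections import Counter

# Assumption: placeholder ranges standing in for the list supplied by the
# filtering service (RFC 5737 documentation networks, not real provider IPs).
FILTER_RANGES = ["192.0.2.0/28", "198.51.100.16/29"]

# Constructed sample log, format "date time src_ip dst_port action"
# (hypothetical format; adapt the parsing to your firewall's export).
SAMPLE_LOG = """\
2024-01-10 09:00:01 192.0.2.5 25 ALLOW
2024-01-10 09:00:07 203.0.113.44 25 ALLOW
2024-01-10 09:01:12 198.51.100.18 25 ALLOW
2024-01-10 09:02:30 203.0.113.44 25 ALLOW
2024-01-10 09:03:02 192.0.2.200 25 ALLOW
2024-01-10 09:03:40 203.0.113.9 443 ALLOW
this line is malformed
"""

def audit_port25(log_text, allowed_cidrs):
    """Return (outside, skipped): a Counter of source IPs that reached
    port 25 from outside the allowlist, and the count of unparsable lines."""
    networks = [ipaddress.ip_network(c) for c in allowed_cidrs]
    outside, skipped = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            _date, _time, src, port, action = line.split()
            addr, port = ipaddress.ip_address(src), int(port)
        except ValueError:          # wrong field count, bad IP or bad port
            skipped += 1
            continue
        if port != 25 or action != "ALLOW":
            continue                # only accepted SMTP connections matter
        if not any(addr in net for net in networks):
            outside[str(addr)] += 1
    return outside, skipped

if __name__ == "__main__":
    outside, skipped = audit_port25(SAMPLE_LOG, FILTER_RANGES)
    for ip, hits in outside.most_common():
        print(f"{ip} reached port 25 {hits}x and is not in the allowlist")
    print(f"{skipped} line(s) skipped as unparsable")
```

Any source listed here is either direct-to-server delivery that bypasses the filter, or a filter address missing from the list you were given; resolve which before the block goes live.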
