Solved

Will blcok port 25 really help to stop spam?

Posted on 2010-11-13
7
578 Views
Last Modified: 2012-05-10
Wondering if block port 25 will really help to stop spam? As far as I know, if i setup the restriction on firewall, inside my network, all clients only able to communicate with my own mail server, and any other on the internet. But wondering if virus not able to send spam using my mail server?

And how usually virus send out spam on client machine? does it use telnet and the client machine act itself as a mail server and send out spam?
0
Comment
Question by:okamon
  • 4
  • 3
7 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 350 total points
ID: 34128081
If you block outbound port 25 for all client IP's but not your server IP, you are helping yourself because any infected client can use it's own SMTP engine to simply push out spam and get you blacklisted.

Some viruses will send out mail via Outlook direct to the server for the server to send out, but these are not as common.

The most common type of problem is a hacker brute force guessing a username / password on your server and using your server to spew forth spam.

Please have a read of my blog about this:

http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/
0
 

Author Comment

by:okamon
ID: 34129053
>If you block outbound port 25 for all client IP's but not your server IP, you are helping yourself because any infected client can use it's own SMTP engine to simply push out spam and get you blacklisted.

I am using windows 7, but I don't see the smtp service ..... ?
and the 2 method you mentioned above are sending through my smtp server, so in this case blocking the port will not help.Does virus also use telnet to send out spam?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34129069
Windows 7 doesn't have an SMTP service - your Exchange Server has an SMTP service.

If you get a virus, it may have it's own built-in SMTP service (engine) that you won't know about and the virus will use that to send out emails, hence blocking all internal IP addresses on the router from being able to send out traffic on TCP Port 25 (SMTP), will help stop spam.

A virus won't use Telnet, or at least if it does, it will still be using TCP Port 25 (SMTP) to send out mail.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 

Author Comment

by:okamon
ID: 34131403
> Windows 7 doesn't have an SMTP service - your Exchange Server has an SMTP service.

so how my email client send out email to my mail server?
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 350 total points
ID: 34131599
If you install email software such as Outlook and configure that to use SMTP / POP3, then of course it will have an SMTP service installed.  If you configure it to use Exchange, then it won't use SMTP to send mail.

You were talking about Windows 7 and that does not have an SMTP service on it's own.  Windows Mail which is included with Windows 7 does have an SMTP service built in to that.

If you get a virus, then the virus does not know whether you will have an SMTP service available so it will most likely have its own SMTP service written into the virus.

Blocking port 25 for all IP's apart from your mail server is a sensible anti-spam precaution because most viruses will try to send out mail directly (they haven't got a clue that you will have an Exchange server available) so if you leave the port open for all PC's to use, then a virus will be freely able to send spam out.  If it is blocked, if you get a virus, then it won't be able to send the mail out.
0
 

Author Comment

by:okamon
ID: 34131760
> If you install email software such as Outlook and configure that to use SMTP / POP3, then of course it will have an SMTP service installed.

Thank you again. I have outlook installed on both xp and windows 7, but I don't see smtp service in windows services... is it built-in in outlook?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34131884
You won't see a specific SMTP service.  It is built-in to Outlook.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now