Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Will blcok port 25 really help to stop spam?

Posted on 2010-11-13
7
Medium Priority
?
589 Views
Last Modified: 2012-05-10
Wondering if block port 25 will really help to stop spam? As far as I know, if i setup the restriction on firewall, inside my network, all clients only able to communicate with my own mail server, and any other on the internet. But wondering if virus not able to send spam using my mail server?

And how usually virus send out spam on client machine? does it use telnet and the client machine act itself as a mail server and send out spam?
0
Comment
Question by:okamon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1400 total points
ID: 34128081
If you block outbound port 25 for all client IP's but not your server IP, you are helping yourself because any infected client can use it's own SMTP engine to simply push out spam and get you blacklisted.

Some viruses will send out mail via Outlook direct to the server for the server to send out, but these are not as common.

The most common type of problem is a hacker brute force guessing a username / password on your server and using your server to spew forth spam.

Please have a read of my blog about this:

http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/
0
 

Author Comment

by:okamon
ID: 34129053
>If you block outbound port 25 for all client IP's but not your server IP, you are helping yourself because any infected client can use it's own SMTP engine to simply push out spam and get you blacklisted.

I am using windows 7, but I don't see the smtp service ..... ?
and the 2 method you mentioned above are sending through my smtp server, so in this case blocking the port will not help.Does virus also use telnet to send out spam?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34129069
Windows 7 doesn't have an SMTP service - your Exchange Server has an SMTP service.

If you get a virus, it may have it's own built-in SMTP service (engine) that you won't know about and the virus will use that to send out emails, hence blocking all internal IP addresses on the router from being able to send out traffic on TCP Port 25 (SMTP), will help stop spam.

A virus won't use Telnet, or at least if it does, it will still be using TCP Port 25 (SMTP) to send out mail.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:okamon
ID: 34131403
> Windows 7 doesn't have an SMTP service - your Exchange Server has an SMTP service.

so how my email client send out email to my mail server?
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 1400 total points
ID: 34131599
If you install email software such as Outlook and configure that to use SMTP / POP3, then of course it will have an SMTP service installed.  If you configure it to use Exchange, then it won't use SMTP to send mail.

You were talking about Windows 7 and that does not have an SMTP service on it's own.  Windows Mail which is included with Windows 7 does have an SMTP service built in to that.

If you get a virus, then the virus does not know whether you will have an SMTP service available so it will most likely have its own SMTP service written into the virus.

Blocking port 25 for all IP's apart from your mail server is a sensible anti-spam precaution because most viruses will try to send out mail directly (they haven't got a clue that you will have an Exchange server available) so if you leave the port open for all PC's to use, then a virus will be freely able to send spam out.  If it is blocked, if you get a virus, then it won't be able to send the mail out.
0
 

Author Comment

by:okamon
ID: 34131760
> If you install email software such as Outlook and configure that to use SMTP / POP3, then of course it will have an SMTP service installed.

Thank you again. I have outlook installed on both xp and windows 7, but I don't see smtp service in windows services... is it built-in in outlook?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34131884
You won't see a specific SMTP service.  It is built-in to Outlook.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question