?
Solved

Will blcok port 25 really help to stop spam?

Posted on 2010-11-13
7
Medium Priority
?
587 Views
Last Modified: 2012-05-10
Wondering if block port 25 will really help to stop spam? As far as I know, if i setup the restriction on firewall, inside my network, all clients only able to communicate with my own mail server, and any other on the internet. But wondering if virus not able to send spam using my mail server?

And how usually virus send out spam on client machine? does it use telnet and the client machine act itself as a mail server and send out spam?
0
Comment
Question by:okamon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1400 total points
ID: 34128081
If you block outbound port 25 for all client IP's but not your server IP, you are helping yourself because any infected client can use it's own SMTP engine to simply push out spam and get you blacklisted.

Some viruses will send out mail via Outlook direct to the server for the server to send out, but these are not as common.

The most common type of problem is a hacker brute force guessing a username / password on your server and using your server to spew forth spam.

Please have a read of my blog about this:

http://alanhardisty.wordpress.com/2010/09/28/increase-in-frequency-of-security-alerts-on-servers-from-hackers-trying-brute-force-password-programs/
0
 

Author Comment

by:okamon
ID: 34129053
>If you block outbound port 25 for all client IP's but not your server IP, you are helping yourself because any infected client can use it's own SMTP engine to simply push out spam and get you blacklisted.

I am using windows 7, but I don't see the smtp service ..... ?
and the 2 method you mentioned above are sending through my smtp server, so in this case blocking the port will not help.Does virus also use telnet to send out spam?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34129069
Windows 7 doesn't have an SMTP service - your Exchange Server has an SMTP service.

If you get a virus, it may have it's own built-in SMTP service (engine) that you won't know about and the virus will use that to send out emails, hence blocking all internal IP addresses on the router from being able to send out traffic on TCP Port 25 (SMTP), will help stop spam.

A virus won't use Telnet, or at least if it does, it will still be using TCP Port 25 (SMTP) to send out mail.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:okamon
ID: 34131403
> Windows 7 doesn't have an SMTP service - your Exchange Server has an SMTP service.

so how my email client send out email to my mail server?
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 1400 total points
ID: 34131599
If you install email software such as Outlook and configure that to use SMTP / POP3, then of course it will have an SMTP service installed.  If you configure it to use Exchange, then it won't use SMTP to send mail.

You were talking about Windows 7 and that does not have an SMTP service on it's own.  Windows Mail which is included with Windows 7 does have an SMTP service built in to that.

If you get a virus, then the virus does not know whether you will have an SMTP service available so it will most likely have its own SMTP service written into the virus.

Blocking port 25 for all IP's apart from your mail server is a sensible anti-spam precaution because most viruses will try to send out mail directly (they haven't got a clue that you will have an Exchange server available) so if you leave the port open for all PC's to use, then a virus will be freely able to send spam out.  If it is blocked, if you get a virus, then it won't be able to send the mail out.
0
 

Author Comment

by:okamon
ID: 34131760
> If you install email software such as Outlook and configure that to use SMTP / POP3, then of course it will have an SMTP service installed.

Thank you again. I have outlook installed on both xp and windows 7, but I don't see smtp service in windows services... is it built-in in outlook?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34131884
You won't see a specific SMTP service.  It is built-in to Outlook.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question