• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 720
  • Last Modified:

Restricting port SMTP 25

Hi Geniuses,

simply one here but just wanting to get some clarify the changes I have made to our firewall are correct.

I am wanting to restrict access to SMTP port 25 to potentially prevent future SPAM attacks, and we are currently using a Cisco RV042 as our firewall and I have modified the access rule for SMTP port 25 as follows:

Source Interface: LAN
Source IP: Any
Destination IP: IP address of the Exchange server

Mail flows fine using the above config, but like I said I am just wanting to confirm that the above is correct in terms of correctly locking down the port?

If anyone has any further tips and or advice that would be greatly appreciated.

Thanks,
Adrian
0
Adma1
Asked:
Adma1
2 Solutions
 
Syed_M_UsmanCommented:
Dear,

in any email server envoirment you have to protect your SMTP traffic by allowing traffic "ONLY" from your email server...
 
you need to create two rules by allowing SMTP traffic only for email server and deny all smtp traffic for other hosts... this will prevent any other Fake or infected host sending SMTP traffic outside...
 
Both Rule are from LAN to WAN...

Action: DENY
Service: SMTP (Send email)
Source: ANY
Destination: Any
Users Allowed: All, ok
Above Rule will prevent any fake user/email server sending email outside.

Action: Allow
Service: SMTP (Send email)
Source: Exchange Server IP
Destination: Any
Users Allowed: All, ok

The priority of Exchange SMTP Allow rule must be higher...
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Restrict Port 25 would mean no emails coming in and if you open port 25 just for Exchange thats what Firewalls are used to set ?

So not sure what are we trying exactly out here ?

- Rancy
0
 
Miguel Angel Perez MuñozCommented:
Spam is caused by faked email messages. Closing 25 tcp port block spam but legitimate email too. Better idea is setup any kind of antivirus and antispam solution on your mail server.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
Syed_M_UsmanCommented:
Dear,

once you have email server in your envoirment you need to restrict SMTP only for Exchange to avoid fake user/servers sending email outside... as i mention in my previous post...
0
 
Adma1Author Commented:
Hi Syed,

thanks for your responses If I apply your suggested config as per below then we cannot send mail. any ideas?


Both Rule are from LAN to WAN...

Action: DENY
Service: SMTP (Send email)
Source: ANY
Destination: Any
Users Allowed: All, ok
Above Rule will prevent any fake user/email server sending email outside.

Action: Allow
Service: SMTP (Send email)
Source: Exchange Server IP
Destination: Any
Users Allowed: All, ok
0
 
Syed_M_UsmanCommented:
no you should be able to send and recive email but only VIA EXCHANGE server...

Allow rule gould be above deny rule in the firewall priority... refer to below example
LAN to WAN
if possible please provide santitized screen shot..
0
 
Adma1Author Commented:
Thanks por 25 restriction is now working.
0
 
Syed_M_UsmanCommented:
Glad to know,,, please close the thread.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now