Solved

Worries About Port 25 Open on New SBS 2011

Posted on 2014-03-25
6
268 Views
Last Modified: 2014-04-18
Hi,

We have just set up a new SBS2011 server that gets its email via SMTP. Its the first one ive done that receives mail directly, normally I prefer to collect with POP3.

My worry is that to allow mail to connect to port 25 I have to set the receive connector in exchange to accept mail from IP's 0.0.0.0-255.255.255.255, so basically anyone can connect to it.

1. Whats to stop someone doing a port scan and then abusing the open port 25?
2. By default is the server protected against relaying?
3. Should there be anyhting else I should be checking?

Thank you for your time
ANdy
0
Comment
Question by:AndyPandaX
6 Comments
 
LVL 35

Expert Comment

by:Kimputer
ID: 39954550
You have set it up correctly, it's the only way a public mail server can receive all emails. By default, newer SMTP servers don't allow relaying (unlike the default settings about 10 years ago, which strangely allowed relaying).
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 39954551
1) Nothing stops a person from port scanning and attempting to connect via port 25. "Abusing" is a rather arbitrary term and could mean different things to different people.

2) Yes, if you followed SBS guidance, installation, and wizards, you are locked down from relaying by default.

3) Always stay up to date on service packs, update rollups, and security updates. Exchange service packs are NOT on windows update or WSUS, so you have to apply those manually.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39971154
Preferring POP3 over SMTP is a bit like preferring a pencil instead of a computer.  For a business, you don't really want to use POP3, ever.

That being said, your concern about protecting the network is somewhat valid -- having a proper firewall (ie, business-class such as a SonicWall) will help to protect things.  But if you are really concerned, you might consider using a third-party email filtering service such as Exchange Defender.

These services will act as the MX endpoint for your email domain and then your Exchange Server's connector will be configured to ONLY connect and accept email from the service.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 1

Author Comment

by:AndyPandaX
ID: 39988073
Jeffrey,

Why do you say dont use POP3 over SMTP for inbound email? Its all we have ever used and found it to be the much preferred way. I am open to reasons why you think its a no no.

Andy
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 295 total points
ID: 39989906
POP3 is not Business Class Email.  You have absolutely NO control over the integrity of user's mailboxes.  Additionally there is generally NO security to protect the messages -- ie they travel across the Internet in plain text without encryption.

SMTP is much faster than POP3 as there are no "pull" delays -- delivery is relatively instant.

Furthermore, you don't have control of the POP3 server.  You cannot tell if that server is compromised or there is unauthorized access to it.  You generally cannot control the SPAM filtering (if there even is any).  

Nor can you control user access -- meaning users could pull messages directly from the server bypassing your new Exchange Server.  This means that messages could be deleted without any recourse (Exchange provides for deleted item recovery and archiving).

These are just a few of the main advantages.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 40008489
Could I ask why you only gave a "B" grade for this answer?  What more did you need to know that wasn't provided in my response?  Because you didn't make any additional comments after mine, there would be no way to know that the information wasn't sufficient.

Please explain.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Group policy not applying 5 101
PCI scan - CIFS NULL Session Permitted 10 157
Cannot connect to server with remote dekstop connection 5 30
how to count files? 4 31
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question