SMTP PORT 25 IS OPEN BUT WHERE

The school has two DHCP pools with 2500 IPs in both pools. A GRC Shields Up scan revealed port 25 is open. What scanning tool can we run to find out which IP has port 25 open?
Lance McGrew RETIRED Asked:

Wayne88 Commented:
It's open at the router/firewall, not at the workstation. It's the main router that's connected to the WAN/Internet and that's what GRC is showing. Port 25 is open at the main router/firewall but it's normal because you won't be able to send email out if the SMTP port was closed.

GRC Shields Up is a port scanning tool from the outside. This is what you want because you're not concerned about the ports that are open inside the network (workstations, etc.)
Lance McGrew RETIRED Author Commented:
We already checked and confirmed port 25 is blocked on the main firewall.   Email clients are using ports 465 and 587.
Wayne88 Commented:
GRC is definitely scanning ports that are facing out so it must be at your main router. It won't be inside. There must be a firewall rule or port forwarding that's still active on your main router. Do you have only 1 WAN (internet) connection or do you have a multiple WAN setup (load balancing, fail-over)? If so, there may be a separate firewall rule for each WAN connection instead of a common one (depending on the router make and model).

Also, if you just closed port 25 on the main router/firewall, have you tried rebooting the router and then redoing the GRC scan?

it_saige Developer Commented:
Firewalls and routers are rarely configured to block outbound traffic.  This is an inbound rule and should stay as is.  25 is the default port that other email servers attempt to connect to in order to send email to your mail server.  If you are using a filtering service then you should really designate their range of addresses as the source for your traffic on 25.

-saige-
Wayne88 Commented:
"Firewalls and routers are rarely configured to block outbound traffic."

Agree, I meant to say that "Port 25 is open at the main router/firewall but it's normal because you won't be able to receive email from the internet if the SMTP port was closed"

Thank you for catching that.
Lance McGrew RETIRED Author Commented:
There is no email server on the LAN.  All mail is handled offsite by another district facility.   Now, oddly enough, today when I did a scan, port 25 reported "STEALTH" status.   I double-checked with the IT director and he has not changed anything.   So we have a mystery.   Will run another scan tomorrow and see if anything different.
Wayne88 Commented:
Hi Lance,

Do you have only 1 WAN (internet) connection or do you have multiple WAN setup (load balancing, fail-over)?  If so, there may be separate firewall rule for each WAN connection instead of common (depending on the router make and model).

Wayne

Lance McGrew RETIRED Author Commented:
Okay -- yes there are two WAN connections.   One serves the elementary building and one serves the MS/HS building.   The scan reports port 25 stealth on one IP and open on the other.

Will revisit the firewall settings tomorrow.
Wayne88 Commented:
Ok great, thanks for letting us know. Cheers!
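
As an added example (not part of the original thread or any poster's code): the thread ends with port 25 reported differently on each WAN connection, so the check that settles it is a TCP probe of port 25 against each public WAN address, run from a host outside the network. The addresses are constructed placeholders, the function names are hypothetical, and the `open`/`closed`/`stealth` labels follow the wording of the scan results quoted above.

```python
import socket


def probe_tcp(host, port=25, timeout=3.0):
    """Classify one TCP port using the labels quoted in the thread.

    open    -> handshake completed; any greeting banner is returned
    closed  -> connection actively refused (RST came back)
    stealth -> no reply before the timeout (packets silently dropped)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                # An SMTP service greets first ("220 ..."); the text helps
                # identify which device is answering behind that address.
                banner = s.recv(256).decode("ascii", "replace").strip()
            except OSError:
                banner = ""  # port accepted the connection but sent nothing
            return "open", banner
    except ConnectionRefusedError:
        return "closed", ""
    except (socket.timeout, TimeoutError):
        return "stealth", ""
    except OSError as exc:
        return "error", str(exc)  # e.g. no route to host


def audit_wan_addresses(addresses, port=25, timeout=3.0):
    """Probe the same port on every WAN address; return {address: (state, banner)}."""
    return {addr: probe_tcp(addr, port, timeout) for addr in addresses}


if __name__ == "__main__":
    # Constructed placeholders (documentation ranges), one per WAN connection.
    # Replace with the real public addresses and run from outside the network.
    wan_addresses = {
        "elementary building": "192.0.2.10",
        "MS/HS building": "198.51.100.10",
    }
    results = audit_wan_addresses(wan_addresses.values())
    for name, addr in wan_addresses.items():
        state, banner = results[addr]
        print(f"{name:20} {addr:15} port 25: {state} {banner}")
```

An `open` result with a banner names the device or forwarding target that is answering, which narrows down which firewall rule or port forward to review on that WAN connection.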