Lance McGrew
asked on
SMTP PORT 25 IS OPEN BUT WHERE
The school has two DHCP pools with 2500 IP's in both pools. GRC Shields up scan revealed port 25 is open. What scanning tool can we run to find out which IP has port 25 open?
ASKER
We already checked and confirmed port 25 is blocked on the main firewall. Email clients are using ports 465 and 587.
GRC is definitely scanning ports that are facing out so it must be at your main router. It won't be inside. There must be a firewall rule or port forwarding that's still active on your main router. Do you have only 1 WAN (internet) connection or do you have multiple WAN setup (load balancing, fail-over)? If so, there may be separate firewall rule for each WAN connection instead of common (depending on the router make and model).
Also, if you just closed port 25 on the main router/firwall, have you tried rebooting the router then redo the GRC scan?
Also, if you just closed port 25 on the main router/firwall, have you tried rebooting the router then redo the GRC scan?
Firewalls and routers are rarely configured to block outbound traffic. This is an inbound rule and should stay as is. 25 is the default port that other email servers attempt to connect to in order to send email to your mail server. If you are using a filtering service then you should really designate their range of addresses as the source for your traffic on 25.
-saige-
-saige-
"Firewalls and routers are rarely configured to block outbound traffic. "
Agree, I meant to say that "Port 25 is open at the main router/firewall but it's normal because you won't be able to receive email from the internet if the SMTP port was closed"
Thank you for catching that.
Agree, I meant to say that "Port 25 is open at the main router/firewall but it's normal because you won't be able to receive email from the internet if the SMTP port was closed"
Thank you for catching that.
ASKER
There is no email server on the LAN. All mail is handled offsite by another district facility. Now, oddly enough, today when I did a scan, port 25 reported "STEALTH" status. I double-checked with the IT director and he has not changed anything. So we have a mystery. Will run another scan tomorrow and see if anything different.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Okay -- yes there are two WAN connections. One serves the elementary building and one serves the MS/HS building. The scan reports port 25 stealth on one IP and open on the other.
Will revisit the firewall settings tomorrow.
Will revisit the firewall settings tomorrow.
Ok great, thanks for letting us know. Cheers!
GRC Shields Up is a port scanning tool from the outside. This is what you want because you're not concerned about the ports that's opened inside the network (workstations, etc.)