How to disable telnet access to SMTP port

[packdragon]

We have a Windows NT Server (with latest SP) on our external network that runs Post.Office, which relays mail to Exchange 2003 on our internal network. The box needs to have SMTP running, but I want to disable telnet access to it. The Sonicwall firewall we have doesn't seem to have the ability to block telnet. Is there some other way to block this?

- Zoe, that's ZOH-EEE, get it right please
- Just a little ol' MCP at Solien Technology
-

http://www.solien.com

 

[ReddLefty]

Emm.. well, TELNET is in fact a remote session. When a mail server tries to deliver mail to yours, it uses that port with a set of commands in order to deliver the message, which is on port 25... in other words, your server HAS to have something answering on that port that will process your email, so you cannot "stop" telnet from working, since it's actually your email server that is doing it's job when it answers.

You can telnet into any port and the services that are polling that port (if any) should answer in their own way... you just might not be able to comprehend it without the appropriate software that is looking out for it.







"In space, nobody can hear you click..."

 

[Grenage]

In order for you to block telnet access to the SMTP port you would have to block incoming transmissions to port 25. This would really be quite fruitless as ReddLeftystates, there is no point in running it if you block it completely.

Perhaps you could be helped more if you mentioned why you want to do this.

 

[packdragon]

Ah I see, that makes sense. I was hoping to be able to block spammers and hackers outside our network from being able to gather email addresses from our mail server. Or is this not possible?

- Zoe, that's ZOH-EEE, get it right please
- Just a little ol' MCP at Solien Technology
-

http://www.solien.com

 

[Grenage]

I was not aware that it was possible to gather email addresses with a terminal session, how is this done?

 

[ReddLefty]

I think that used to be the FINGER protocol. I haven't seen that active on any Exchange server, but I'm not familiar with that protocol, so I'm hoping somebody else may fill us in the details.



"In space, nobody can hear you click..."

 

[packdragon]

My coworker was showing me the "vrfy" command after you telnet in. You can verify any email address that way. So I asked, "They can't just pull up a list of email addresses, can they?" The question was somewhat skirted with the following answer, "They can run a script with a dictionary of names and get a list of valid addresses that way. So I don't know of a way where unwanted users can obtain a list straight-up of all the users in the database. However I still don't want them running their filthy little scripts. But I guess there's no way to turn off that feature without disabling SMTP?