If I telnet to port 25 (SMTP) on a server, can I stop that from happening at the router? In other words - can I stop someone from telnetting into my SMTP server through my router without denying traffic on port 25? Hope I'm making sense.
A firewall like the PIX inspects the SMTP traffic, and limits it only to the commands needed for email.
This does not prevent telnet access but poses a functional limit on it.
In any case you must check your mail server configuration, patch it, etc.
The access list would only be of use if mail only came from the ISP's mail server. If you have an SMTP feed to your mail server then mail needs to be accepted from anywhere. However, there is a way round this. Ask your ISP to set up a secondary MX record in DNS for their mail spooler. Then have them block traffic from all other IP ranges on port 25 but allow mail from the spooler. When mail attempts to be delivered it will be knocked back by the access-list on the core router at the ISP and so will be delivered to the mail spooler. The mail spooler will then attempt to deliver the mail to the first MX preference and will be allowed. So, you get your mail and no one can telnet in to your mail server.
Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
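
The delivery path described in the post above, modelled as an added example that is not part of the original thread. All addresses are constructed values from documentation ranges, and the ACL is assumed to be evaluated top-down with the first match winning.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the post.
MAIL_SERVER = "198.51.100.25"   # your SMTP server, first MX preference
SPOOLER = "192.0.2.10"          # ISP mail spooler, secondary MX
MX_RECORDS = [(10, MAIL_SERVER), (20, SPOOLER)]   # (preference, host)

# ACL on the ISP core router: (action, source network, dest host, dest port).
# None in the destination fields means "any".
ACL = [
    ("permit", "192.0.2.10/32", MAIL_SERVER, 25),  # spooler may reach port 25
    ("deny",   "0.0.0.0/0",     MAIL_SERVER, 25),  # nobody else may
    ("permit", "0.0.0.0/0",     None,        None),  # other traffic untouched
]

def acl_permits(src, dst, port):
    """Return True if the first matching ACL rule permits src -> dst:port."""
    for action, net, rule_dst, rule_port in ACL:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(net)
                and rule_dst in (None, dst)
                and rule_port in (None, port)):
            return action == "permit"
    return False  # implicit deny when nothing matches

def deliver(sender_ip):
    """Return the list of hops a message takes from sender_ip to MAIL_SERVER.

    Each hop tries the MX hosts in preference order (lowest number first)
    and falls back to the next one when the ACL knocks the connection back.
    """
    path, current = [sender_ip], sender_ip
    while current != MAIL_SERVER:
        for _pref, host in sorted(MX_RECORDS):
            if host != current and acl_permits(current, host, 25):
                path.append(host)
                current = host
                break
        else:
            raise RuntimeError("no reachable MX from " + current)
    return path

if __name__ == "__main__":
    outside = "203.0.113.7"  # constructed address of an arbitrary Internet host
    print("direct port 25 allowed:", acl_permits(outside, MAIL_SERVER, 25))
    print("delivery path:", " -> ".join(deliver(outside)))
```

Run directly, it shows that an arbitrary host cannot open port 25 on the mail server, while its mail still arrives by way of the spooler.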