Port 25

etc · 09-01-2003, 05:27 AM

Hi all

1) Is port 25 usually open or required open on any mail server?

I suppose it is a security breach, from administration point of view what purpose does it serve?

thanks

jalal · 09-01-2003, 06:41 AM

Yes, if you have a mail server, you will need to have port 25 open.

SMTP (Simple Mail Transfer Protocol) is needed so your clients can send mail, and port 25 is the well-known port for it.

You can usually tell your mail server to listen on another port though, and your clients will need to change thier mail client settings.

etc · 09-01-2003, 07:25 AM

Agreed that the port 25 need be open, but what about the ease with which one can telnet onto port 25 and send / recieve mails using any name without authentication.

What is done in this case, is the telnet service blocked or what are the other options?

Thanks

jalal · 09-01-2003, 11:13 PM

For this, you'll need an email server with some Anti-Spoofing features, e.g., your mail server can accept only a valid account and also asks for that account's password before letting that user send any mail.

Users also don't need to use Telnet to do that (abusing port 25), they can do the same with their mail client.

etc · 09-01-2003, 11:49 PM

Quote:

Originally posted by jalal
For this, you'll need an email server with some Anti-Spoofing features, e.g., your mail server can accept only a valid account and also asks for that account's password before letting that user send any mail.

Okay so the mail server by default will allow any@its-domain and un-authenticated mail transactions (Surprising to me, Please correct me if am worng).

Is this the case with sendmail, qmail as well? How does one enable Anti Spoofing on Exchange 2000?

Quote:

Users also don't need to use Telnet to do that (abusing port 25), they can do the same with their mail client.

Can you please explain how, thanks.

jalal · 09-02-2003, 01:04 AM

an Email server's default depends on that mail server, could be secure, could be not.

To spoof using your favourite mail client, just enter fake information in the settings, e.g. just tell your mail client that you are jalal@domain instead of etc@domain

can't help with exchange 2000 though, sorry!

etc · 09-02-2003, 01:53 AM

Using mail client: Ximian Evolution worked flawlessly . I changed the identity and it spoofed !!

The same did not work iwith MS Outlook.

Is this a server related or client related problem, please explain.

jalal · 09-02-2003, 01:59 AM

This is a server thing. Did you use both clients on the same server and user ID ? if so, you might have mis-configuration somewhere.