LinuxQuestions.org, Linux - Security forum
Thread: Telnet mymailserver.com 25 (https://www.linuxquestions.org/questions/linux-security-4/telnet-mymailserver-com-25-a-447937/)

joseph 05-23-2006 10:41 PM

Telnet mymailserver.com 25
 
Dear All,

Does anyone know how to block telnetting to my mail server over port 25?
telnet mymailserver.com 25

or

maybe they can telnet to my mail server, but they won't be able to use the MAIL FROM, RCPT TO, DATA, etc. commands.

I want to do this because I want to block those who try to send email through our email server directly, pretending to be our local users.

I just want my users to send or receive email in a proper way, such as using a mail client (Thunderbird, Outlook, etc.) or through the web using IE, Firefox, etc. To me, those who try to send email directly from the server can be categorised as spammers.

Any advice?

Thanks

abhi.b 05-24-2006 02:01 AM

Mail servers on their own provide various kinds of security.

1. You can define a relay list such that only your internal network is allowed to relay mail through your mail server, and anyone outside it, even if spoofing himself as your local user, would not be allowed to do so if his IP does not match the relay list.

2. Enable mechanisms like SMTP AUTH on the mail server. This is a much enhanced level of security, as in this case you don't even have to rely on the relay list. This can be useful in case your mail server is being used by your genuine users from dynamic IPs (like dialup).

You can never block connections on port 25, as this is the only way a sending server will make a connection to your mail server so that the SMTP protocol communication can be completed.

Hope that clears up the query.

joseph 05-24-2006 02:44 AM

Thanks abhi.b

BTW, I am using sendmail 8.13 with STARTTLS and SASLv2

But don't you think that when they telnet to my mail server through port 25 and send email to my user, sendmail will deliver the mail, because sendmail will think that the mail is originating from the server itself?

Thanks

abhi.b 05-24-2006 08:18 AM

Yes, that's right.
If anybody telnets to your mail server on port 25 and the recipient domain is the domain bound on your mail server, then it would accept that mail.
SMTP AUTH may be a solution to even this problem. I suppose STARTTLS is a separate thing and SMTP AUTH is a separate thing.

joseph 05-30-2006 05:05 AM

sendmail + STARTTLS + SASLv2 is a kind of SMTP AUTH

linuxmanju 05-31-2006 08:20 AM

Telnetting to port 25 doesn't mean that the user's source address is changed to the local address.
For example:
If your mail server's IP is AA.BB.CC.DD and a user telnets from DD.DD.DD.DD,
the mail server sees the IP address DD.DD.DD.DD and rejects the relay.
Make sure that the mail server is configured to trust only localhost and authenticated users (i.e. Mynetwork = 127.0.0.0/8 only) and that it is configured to relay only for authenticated users.

Regards
Manjunath
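The relay policy described in the two replies above (trust only localhost and authenticated users; offer SMTP AUTH so users on dynamic IPs can still send) expressed as a sendmail.mc fragment for the sendmail 8.13 + STARTTLS + cyrus-sasl setup the original poster mentions. This is an added example, not configuration from the thread; the weak line is shown commented out next to the hardened settings, and the domain, certificate paths and file locations are assumed placeholders.

```m4
dnl Added example, not from the thread. Paths, domain and mechanisms are assumed.

dnl --- WEAK: an open relay. Anyone who connects to port 25 may relay. ---
dnl FEATURE(`promiscuous_relay')dnl

dnl --- HARDENED ---
dnl Deliver locally only for domains listed in /etc/mail/local-host-names
dnl (e.g. mymailserver.com). Any other recipient is a relay attempt.
FEATURE(`use_cw_file')dnl

dnl Per-connection relay decisions come from /etc/mail/access (see note below);
dnl with no RELAY entry for a client's address, relaying is denied.
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl

dnl STARTTLS: assumed certificate locations.
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/ca.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/server.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/server.key')dnl

dnl SMTP AUTH via cyrus-sasl. "p" in confAUTH_OPTIONS refuses plaintext
dnl mechanisms (PLAIN, LOGIN) until the session is protected by STARTTLS.
define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl

dnl Clients that authenticate with these mechanisms may relay from any IP.
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
```

The matching /etc/mail/access would contain only the trusted networks, for example a single line `Connect:127.0.0.1   RELAY`, rebuilt with `makemap hash /etc/mail/access < /etc/mail/access` after editing. After regenerating sendmail.cf with `m4 sendmail.mc > sendmail.cf` and restarting, check the result from an outside host with the same `telnet mymailserver.com 25` session the thread is about: `MAIL FROM:<someone@mymailserver.com>` followed by `RCPT TO:<user@mymailserver.com>` is still accepted (the server is the MX for that domain and must take mail for its own users), while `RCPT TO:<user@example.org>` without a prior successful AUTH should get a `550 5.7.1 ... Relaying denied` reply.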

sopiaz57 05-31-2006 09:28 AM

You are confusing yourself by using the term telnetting.

Telnet is a client-server program which by default talks on port 23. When you invoke telnet with no port number (like 25), it opens a raw TCP connection.

Go to Wikipedia and look up telnet for a better understanding.

joseph 06-01-2006 02:10 AM

Quote:

Originally Posted by sopiaz57
You are confusing yourself by using the term telnetting.

Telnet is a client-server program which by default talks on port 23. When you invoke telnet with no port number (like 25), it opens a raw TCP connection.

Go to Wikipedia and look up telnet for a better understanding.

I am not confusing myself with the term telnet.
My problem is:

if someone wants to send email to my local user using
Code:

telnet mymailserver.com 25
then the server will accept the mail and send it to my local user.
What I want to know is how to prevent that.

And all the responses were talking about relaying.
And relaying, in simple terms, is a mechanism by which mail is transferred from host to host until it reaches its ultimate destination.

But in my case, the MTA doesn't connect to another MTA.

linuxmanju 06-01-2006 04:27 AM

In simpler terms: you cannot stop a mail server from accepting telnet on port 25, for two reasons.
1) telnet to port 25 is only used to initiate the communication, like an MUA does.
2) after a successful telnet, what you type is what the MUA says to the server to send mail (like ehlo yourdomain.com, mail from:abc@yourdomain.com, rcpt to:someaddress@abc.com, etc.)

In other words, you cannot stop someone from doing so unless you stop your mail service. Either it will work for both telnet to port 25 and the MUA, or it won't work at all for both.

Regards
Manjunath
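To make the thread's conclusion concrete, here is a small simulation of the hand-typed session linuxmanju describes (EHLO, MAIL FROM, RCPT TO) run against the relay policy abhi.b and linuxmanju recommend. It is an added example, not code from the thread or from sendmail: a stand-in for the MTA's per-recipient decision, with the local domain, trusted network and SASL user table constructed as placeholders. The point it shows is the one the original poster was missing: the server never uses the address in MAIL FROM to decide anything; it trusts only the client's source IP and whether AUTH succeeded, and mail addressed to its own users is accepted from anywhere because that is what being the MX for the domain means.

```python
"""Simulated SMTP relay policy (added example, not from the thread or sendmail).

Models the decision an MTA makes for each RCPT TO given the client's source
address and AUTH state, and runs a telnet-style command list through it.
Domains, networks and credentials are constructed placeholders.
"""
import base64
import hmac
import ipaddress

LOCAL_DOMAINS = {"mymailserver.com"}                    # assumed: domains we are MX for
RELAY_NETWORKS = [ipaddress.ip_network("127.0.0.0/8")]  # assumed: trusted without AUTH
USERS = {"joseph": "s3cret"}                            # assumed: SASL user database


def may_relay(client_ip, authenticated):
    """Relay to a non-local domain only from a trusted network or after AUTH."""
    addr = ipaddress.ip_address(client_ip)
    return authenticated or any(addr in net for net in RELAY_NETWORKS)


def auth_plain_blob(user, password):
    """What a client sends after 'AUTH PLAIN': base64 of '\\0user\\0password'."""
    return base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode()).decode()


def check_auth_plain(blob):
    """Verify an AUTH PLAIN blob against USERS with a constant-time comparison."""
    try:
        _authzid, user, password = base64.b64decode(blob).split(b"\0")
    except ValueError:  # bad base64 or wrong number of fields
        return False
    expected = USERS.get(user.decode("ascii", "replace"))
    return expected is not None and hmac.compare_digest(password, expected.encode())


def run_session(client_ip, commands):
    """Feed client command lines to the policy; return one server reply per command."""
    authenticated = False
    replies = []
    for line in commands:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            replies.append("250 mymailserver.com Hello [%s]" % client_ip)
        elif verb == "AUTH":
            mech, _, blob = arg.partition(" ")
            if mech.upper() == "PLAIN" and check_auth_plain(blob.encode()):
                authenticated = True
                replies.append("235 2.7.0 Authentication successful")
            else:
                replies.append("535 5.7.8 Authentication failed")
        elif verb == "MAIL":
            # The envelope sender is accepted as stated; it is never a trust input.
            replies.append("250 2.1.0 Sender ok")
        elif verb == "RCPT":
            rcpt = arg.split(":", 1)[-1].strip("<> ")
            domain = rcpt.rpartition("@")[2].lower()
            if domain in LOCAL_DOMAINS:
                # Mail FOR our users is accepted from any client: that is inbound delivery.
                replies.append("250 2.1.5 Recipient ok")
            elif may_relay(client_ip, authenticated):
                replies.append("250 2.1.5 Recipient ok")
            else:
                replies.append("550 5.7.1 %s... Relaying denied" % rcpt)
        elif verb == "QUIT":
            replies.append("221 2.0.0 closing connection")
        else:
            replies.append("500 5.5.1 Command unrecognized")
    return replies


if __name__ == "__main__":
    # Constructed session from an outside address: inbound accepted, relay denied.
    for cmd, reply in zip(
        ["EHLO attacker.example",
         "MAIL FROM:<boss@mymailserver.com>",
         "RCPT TO:<joseph@mymailserver.com>",
         "RCPT TO:<victim@example.org>",
         "QUIT"],
        run_session("203.0.113.7", [
            "EHLO attacker.example",
            "MAIL FROM:<boss@mymailserver.com>",
            "RCPT TO:<joseph@mymailserver.com>",
            "RCPT TO:<victim@example.org>",
            "QUIT"]),
    ):
        print("C: %s\nS: %s" % (cmd, reply))
```

Running it shows the three cases side by side: an unauthenticated outside client can deliver to joseph@mymailserver.com (and can type any MAIL FROM it likes), cannot get a RCPT TO for an external domain, and gets that relay only after a successful AUTH PLAIN, which in a real deployment should be offered only after STARTTLS so the base64 credential blob is not sent in the clear.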

