Anyone know how to block telnetting to my mailserver over port 25??
telnet mymailserver.com 25
or
maybe they can telnet to my mail server but they won't be able to use the mail from, rcpt to, data, etc. commands.
I want to do this because I want to block those who try to send email through our email server directly, pretending to be our local user.
I just want my users to send or receive email in a proper way, such as using a mail client (Thunderbird, Outlook, etc.) or through the web using IE, Firefox, etc. To me, those who try to send email directly from the server can be categorised as spammers.
Mail servers by themselves provide various kinds of security.
1. You can define a relay list such that only your internal network is allowed to relay mail through your mail server, and anyone outside it, even though spoofing himself as your local user, would not be allowed to do so if his IP does not match the relay list.
2. Enable mechanisms like SMTP auth on the mail server. This is a much enhanced level of security, as in this case you don't even have to rely on the relay list. This can be useful in case your mail server is being used by your genuine users from dynamic IPs (like dialup).
You can never block connections on port 25, as this is the only way a sending server can make a connection to your mail server and the SMTP protocol communication can be completed.
BTW, I am using sendmail 8.13 with STARTTLS and SASLv2.
But won't you think that when they telnet to my mail server through port 25 and send email to my user, sendmail will deliver the mail because sendmail will think that the mail is originating from the server itself?
Yes, that's right.
If anybody telnets to your mail server on port 25 and the recipient domain is a domain bound on your mail server, then it would accept that mail.
SMTP Auth may be the solution to even this problem. I suppose STARTTLS is a separate thing and SMTP auth is a separate thing.
Telnetting to port 25 doesn't mean that the user's source address is changed to the local address.
For example:
If your mail server's IP is AA.BB.CC.DD and a user telnets from DD.DD.DD.DD
The mail server sees the IP address DD.DD.DD.DD and rejects the relay.
Make sure that the mail server is configured to trust only localhost and authenticated users (i.e. Mynetwork= 127.0.0.0/8 only) and it's configured to relay only the authenticated users.
You are confusing yourself by using the term telnetting.
Telnet is a client-server program which by default talks on port 23. When you invoke telnet with no port number (like 25), it opens a raw TCP connection.
Go to Wikipedia and look up telnet for a better understanding.
I am not confusing myself with the term telnet.
My problem is:
if someone wants to send email to my local user using
Code:
telnet mymailserver.com 25
then the server will accept the mail and send it to my local user.
What I want to know is how to prevent that??
And all the responses were talking about relay.
And relay, in simple terms, is a mechanism by which mail is transferred from host to host until it reaches its ultimate destination.
But in my case, the MTA doesn't connect to another MTA.
In simpler terms: you cannot stop a mail server from accepting telnet on port 25, for two reasons.
1) Telnet to port 25 is only used to initiate the communication, like an MUA does.
2) Once after a successful telnet, what you type is what the MUA speaks with the server to send mail (like ehlo yourdomain.com, mail from:abc@yourdomain.com, rcpt to:someaddress@abc.com, etc.)
In other words, you cannot stop someone from doing so unless you stop your mail service. Either it will work for both telnet port 25 and MUA, or it won't work at all for both.
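An added example, not written by any poster in this thread: a simplified Python model of the per-recipient decision the answers describe, showing that the server sees only the peer IP, the authentication state and the command text, never whether the client is telnet or a mail program. The domain list, the trusted network and the 203.0.113.7 client address are assumptions for illustration; the reply codes are the standard SMTP ones.

```python
import ipaddress

# Assumed policy values for this illustration (not taken from a real server).
LOCAL_DOMAINS = {"mymailserver.com"}
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8")]

def smtp_session(client_ip, commands, authenticated=False):
    """Return the reply code for each SMTP command line sent by one client.

    Only the peer IP, the auth state and the command text are inputs, so a
    hand-typed telnet session and a mail client are handled identically.
    """
    ip = ipaddress.ip_address(client_ip)
    trusted = any(ip in net for net in TRUSTED_NETS)
    replies, have_sender = [], False
    for line in commands:
        verb = line.upper()
        if verb.startswith(("EHLO", "HELO")):
            replies.append(250)
        elif verb.startswith("MAIL FROM:"):
            # The envelope sender is client-supplied text and proves nothing.
            have_sender = True
            replies.append(250)
        elif verb.startswith("RCPT TO:"):
            if not have_sender:
                replies.append(503)      # bad sequence of commands
                continue
            addr = line.split(":", 1)[1].strip().strip("<>")
            domain = addr.rsplit("@", 1)[-1].lower()
            if domain in LOCAL_DOMAINS:
                replies.append(250)      # inbound mail for a hosted domain
            elif trusted or authenticated:
                replies.append(250)      # relay for trusted or authenticated clients
            else:
                replies.append(550)      # 5.7.1 relaying denied
        else:
            replies.append(500)          # command not modelled here
    return replies

# Constructed session: an outside host claiming a local sender address.
SPOOFED = ["EHLO example.net",
           "MAIL FROM:<user@mymailserver.com>",
           "RCPT TO:<user2@mymailserver.com>",
           "RCPT TO:<someone@example.org>"]

if __name__ == "__main__":
    print(smtp_session("203.0.113.7", SPOOFED))
```

In this model the unauthenticated outside client is refused only at the external recipient; mail addressed to the hosted domain is accepted regardless of the sender address it claims, which is the behaviour the original poster is asking about.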