
Thread: disable port 25 receiving mail to be relayed

  1. #1
    driesp (New Member)

    disable port 25 receiving mail to be relayed

    Hello

    We have had an issue with a compromised account, a password which was compromised.
    IP addresses all around the world were using this account to send spam through our server.

    Our server is located at a datacenter, the server is hosted at an external location
    we have blocked all ports for the public (except for our ip addresses)
    only the ports 25, 80 and 443 are accessible from the public

    After some research, I can see port 25 is accepting mail (with authentication) to be relayed.
    Is it possible to not allow port 25 to receive mail to be relayed?

    Port 25 should deny relay with or without authentication from anywhere.
    Port 25 should only accept mail to be delivered locally.

    Is this possible to configure?

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    This is in the wrong forum, I'll move it to the correct one. When posting questions on these forums you should provide the exact ZCS version that's in use by posting the output of the following command:

    Code:
    zmcontrol -v

    Quote, originally posted by driesp:
        Port 25 should deny relay with or without authentication from anywhere.
        Port 25 should only accept mail to be delivered locally.

    Zimbra, by default, is not an open relay so your scenario is already the default for your Zimbra server unless you've modified it to be otherwise. You can see if you're an open relay by running the checks provided by some internet sites (do a search for them).

    A compromised account sending spam is not a relay, it's a legitimate account on your server that is sending mail. You need to improve the security of your server and you could start by using 'complex' passwords (you'll find details in the Admin UI) for all users. You can also take a look at the wiki article on improving your anti-spam system, there are several tips in there on improving your server.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    driesp (New Member)

    Thank you for your instant reply.

    The server is running the latest version:
    Code:
    Release 8.0.6_GA_5922.RHEL6_64_20131203103705 RHEL6_64 FOSS edition.
    Our server is indeed not an open relay.
    Spammers were using port 25 to relay spam with authentication,
    I've only noticed it after some time, which is not good.

    Complex passwords won't be helping.
    After a user's PC is compromised, the password would still be leaked out...

    That user might have been targeted by a password grabber,
    searching for configuration settings of most used e-mail clients.
    and forwarding these to big spam botnets.

    And I am afraid this is not a one-time event.

    If I can only allow port 25 to deliver mail locally only, and not allowing mail to be relayed, it would help a lot I think.

  4. #4
    phoenix (Zimbra Consultant & Moderator)

    Quote, originally posted by driesp:
        Spammers were using port 25 to relay spam with authentication,

    That is not a relay, it is an authenticated user sending mail where they want to send mail.

    I've only noticed it after some time, which is not good.

    Quote, originally posted by driesp:
        Complex passwords won't be helping.
        After a user's PC is compromised, the password would still be leaked out...

    You didn't mention that earlier, you just said the 'password is compromised'.

    Quote, originally posted by driesp:
        That user might have been targeted by a password grabber,
        searching for configuration settings of most used e-mail clients.
        and forwarding these to big spam botnets.

    Then you need to do something about your users' security awareness.

    Quote, originally posted by driesp:
        If I can only allow port 25 to deliver mail locally only, and not allowing mail to be relayed, it would help a lot I think.

    That will stop your users from sending mail anywhere, is that really what you want? Look into using PolicyD (details in the wiki and forums) or the milter or some of the articles on the wiki for restricting where your users can send mail.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    driesp (New Member)

    Thank you again.

    These are all paths we have considered.
    We should indeed give our users a better understanding of what's dangerous or not.
    The problem is, this is not always possible, we cannot always watch their backs.

    Our users are all using port 465 to send mail,
    outlook is configured to send mail over smtp port 465 with ssl
    this is also true for pop port 995 with ssl

    Now if we could also disable port 25 to disallow smtp authentication to send mail
    we will definitely discourage spammers from using our systems to relay spam.

    And only allowing port 465 (which is only allowed to connect to from our IP addresses)
    to accept smtp authentication to relay (or send) mail.

  6. #6
    phoenix (Zimbra Consultant & Moderator)

    Quote, originally posted by driesp:
        And only allowing port 465 (which is only allowed to connect to from our IP addresses)
        to accept smtp authentication to relay (or send) mail.

    Port 587 is the correct Submission port and requires authentication, you should use that for mail submission.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.
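
Added example, not part of any post in this thread: the situation described in posts #1 and #3 (one account authenticating from IP addresses all around the world, noticed only after some time) shows up in the Postfix smtpd log as many distinct client addresses for one sasl_username. The sketch below counts them per account; the log lines, the trusted network and the threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Postfix smtpd logs a client=..., sasl_username=... line after a successful SMTP AUTH.
SASL_LINE = re.compile(
    r"postfix/(?:\w+/)?smtpd\[\d+\]: \w+: client=\S*\[(?P<ip>[0-9A-Fa-f.:]+)\],"
    r" sasl_method=\S+, sasl_username=(?P<user>\S+)"
)
# Constructed sample log; documentation address ranges stand in for real ones.
SAMPLE_LOG = """\
Jan 10 09:01:12 mail postfix/smtpd[2211]: 3F2A1C0: client=office.example.com[192.0.2.10], sasl_method=LOGIN, sasl_username=alice@example.com
Jan 10 09:02:40 mail postfix/smtpd[2214]: 4B7D2E1: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=bob@example.com
Jan 10 09:02:41 mail postfix/smtpd[2215]: 4C11A09: client=unknown[203.0.113.77], sasl_method=PLAIN, sasl_username=bob@example.com
Jan 10 09:02:43 mail postfix/smtpd[2216]: 4D90F3B: client=unknown[198.51.100.200], sasl_method=LOGIN, sasl_username=bob@example.com
Jan 10 09:03:05 mail postfix/smtpd[2217]: 4E02C7A: client=office.example.com[192.0.2.11], sasl_method=LOGIN, sasl_username=bob@example.com
Jan 10 09:03:09 mail postfix/smtpd[2218]: connect from unknown[203.0.113.5]
""".splitlines()
# Assumption: 192.0.2.0/24 plays the role of "our IP addresses" from post #1.
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]


def sasl_sources(lines):
    """Map each authenticated username to the set of client IPs it used."""
    seen = defaultdict(set)
    for line in lines:
        m = SASL_LINE.search(line)
        if m:
            seen[m.group("user").lower()].add(m.group("ip"))
    return seen


def flag_accounts(lines, trusted=TRUSTED, max_external=2):
    """Return {user: sorted external IPs} for accounts that authenticated from
    more than max_external distinct addresses outside the trusted networks."""
    flagged = {}
    for user, ips in sasl_sources(lines).items():
        external = sorted(
            ip for ip in ips
            if not any(ipaddress.ip_address(ip) in net for net in trusted)
        )
        if len(external) > max_external:
            flagged[user] = external
    return flagged


if __name__ == "__main__":
    for user, ips in flag_accounts(SAMPLE_LOG).items():
        print(f"{user}: {len(ips)} external source IPs: {', '.join(ips)}")
```

Run periodically over the MTA log, a check like this shortens the gap between a password leaking and the account being locked.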
