Koozali.org: home of the SME Server

Port 25 on local network

Offline howard5091

  • 8
  • +0/-0
Port 25 on local network
« on: May 04, 2016, 04:12:04 PM »
I am using port 465 SSL for all mail clients to use to send mail through the SME server.  I see no need to have port 25 open as I feel that it is being used to send spam.  How do I close port 25 on the internal network in order to make things more secure?  I have port 25 limited to the IP of my mail filter appliance on the outside already.

Thank you,

Brandon

Offline Daniel B.

  • *
  • 1,699
  • +0/-0
    • Firewall Services, la sécurité des réseaux
Re: Port 25 on local network
« Reply #1 on: May 04, 2016, 04:28:35 PM »
With the default config, relay won't be allowed on port 25 without authentication. So it's equivalent to port 465 (the difference is that port 465 uses TLS from the start while on port 25 you have to use STARTTLS to upgrade it to a secure connection before you can auth). I see no reason to block this from the local network. What makes you think it's used from the inside to send spam ?
C'est la fin du monde !!! :lol: