
Question Block port 25 or not?

Pleskie
In order to "protect your server against unauthorized mail relaying or injection of unsolicited bulk mail" (as the manual says), in the mail settings I enabled message submission to allow sending emails through port 587.

Am I supposed to block port 25 in the firewall now? I'm not totally sure ...
 
Assuming that you still want to receive mail from the outside world, you had better not do that.
If I remember correctly, though, you can disable submission (i.e. sending outgoing) mail on port 25 if you really want to.
 
Thanks theSilent

I also use the server to send mails from my mail client at home to other people, so disabling outgoing mail would not be a good idea then, I assume.

What I don't understand ... and please DO correct me if I'm wrong ...

The manual says I can use port 587 to prevent some sort of spam attacks (unauthorized mail relaying or injection of unsolicited bulk mail) on port 25. So now I use port 587, but if port 25 stays open ... then what is the difference? How will I be 'extra' protected?
 
Hi theSilent

I had read that post by coincidence before you mentioned it. It doesn't answer my question though. Well maybe I should rephrase my question a little bit.

I enabled message submission in Plesk. Is there anything else I should do? Or am I now fully protected against (as the manual says) "unauthorized mail relaying or injection of unsolicited bulk mail"? Do I need to do anything else, or was ticking the box to enable message submission the only thing I had to do and am I safe now?
 
If I am not mistaken even in the default Plesk configuration you cannot send mail without authentication over your mail server (with the exception of localhost). So, enabling port 587 is a good thing but you can just as well use port 25 (as long as you remember to enable TLS/SSL). Port 587 forces you to use TLS/SSL, so that's a plus.
So yes, I think you should be alright :)
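
The behaviour described in this reply (port 25 accepts mail for local domains but refuses to relay without authentication, and 587 refuses unauthenticated senders) can be checked from outside the server. The following is an added example, not part of the thread or of Plesk; the host name, addresses and the `FakeSMTP` stand-in are constructed so the script runs offline.

```python
import smtplib

def probe(host, port, sender, rcpt, factory=smtplib.SMTP):
    """Unauthenticated MAIL FROM / RCPT TO; returns the last SMTP reply code.
    Stops before DATA, so no message is ever sent."""
    with factory(host, port, timeout=10) as s:
        s.ehlo()
        if s.has_extn("starttls"):      # upgrade first if the server offers it
            s.starttls()
            s.ehlo()
        code, _ = s.mail(sender)
        if code < 400:                  # only try RCPT if MAIL was accepted
            code, _ = s.rcpt(rcpt)
        s.rset()
        return code

def audit(host, local_rcpt, external_rcpt, factory=smtplib.SMTP):
    """Summarise what an unauthenticated outside client is allowed to do."""
    sender = "probe@example.org"        # constructed sender address
    inbound = probe(host, 25, sender, local_rcpt, factory)
    relay25 = probe(host, 25, sender, external_rcpt, factory)
    relay587 = probe(host, 587, sender, external_rcpt, factory)
    return {
        "port25_accepts_inbound": inbound < 400,   # must stay True to receive mail
        "port25_open_relay": relay25 < 400,        # must be False
        "port587_needs_auth": relay587 >= 400,     # must be True
    }

class FakeSMTP:
    """Constructed stand-in that behaves the way the reply above describes."""
    LOCAL = "example.com"
    def __init__(self, host, port, timeout=None):
        self.port = port
    def __enter__(self): return self
    def __exit__(self, *exc): return False
    def ehlo(self): return (250, b"ok")
    def has_extn(self, name): return False
    def mail(self, sender):
        return (530, b"authentication required") if self.port == 587 else (250, b"ok")
    def rcpt(self, rcpt):
        local = rcpt.endswith("@" + self.LOCAL)
        return (250, b"ok") if local else (554, b"relay access denied")
    def rset(self): return (250, b"ok")

if __name__ == "__main__":
    # Drop factory=FakeSMTP and use your own host/addresses to test a real server.
    print(audit("mail.example.com", "postmaster@example.com",
                "someone@example.net", factory=FakeSMTP))
```

Run it from a machine other than the mail server itself, since localhost is the exception mentioned above and would be allowed to relay.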
 
Thanks theSilent

I hope you're right then.

The thing is ... the manual says that I can enable port 587 to protect myself from bulk mail attacks.

But ... if the only thing that happens is that another port (587) is opened, and all the rest stays exactly the same ... then how does this protect me? I don't see it :(

It's like someone says: hey, your front door is unsafe .... let's build another much more safe door at the back of the house. Good idea! But it doesn't help if the same unsafe front door will still be available.

You see my point?
 
If you're interested in protecting yourself you could also disable php send mail in the mail server settings area. Hacked/compromised scripts such as WordPress are the biggest cause of mail server abuse. This will force all sites hosted on the server to only send mail via SMTP.
 
Thanks krism, however that is not what my question is about. My actual question is ... in what way do I get better protection against "unauthorized mail relaying or injection of unsolicited bulk mail" (as the manual says) when I enable message submission? How does this extra protection work? I wonder why no one (staff?) knows the answer to this.
 
I'm pretty sure on our old server w/ Plesk 9 it did turn off relaying via port 25 but just discovered on Plesk Onyx it doesn't. Maybe something got missed in the newer versions? Note: Using port 587 does allow you to run stricter antispam since tests like RBL checks, Spamdyke and such are only run on port 25. With good antispam it also has a side effect of blocking some email hack attempts. That's why port 587 exists as an alternative. Otherwise, the antispam would sometimes block you sending email from your client.
 