
blocking port 25 with firewall

jpwdesigns

Guest
Hi, what happens if I block incoming connections to my server on port 25? Since I opened up an alternate port for customers to connect and send out email, they will still be able to do SMTP.....

My question is what will happen to incoming mail? When someone sends an email to a mail box on my server, what port do the 2 servers talk on? And if I block incoming port 25 connections, will my server suddenly be unable to receive email being delivered to mailboxes on my server?

Thanks for the help.

J
 
What about this....

What if I just disable smtp in xinetd?

service smtp
{
socket_type = stream
protocol = tcp
wait = no
disable = yes
user = root
instances = UNLIMITED
env = SMTPAUTH=1 POPLOCK_TIME=20 SHORTNAMES=1
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /usr/sbin/rblsmtpd -r zen.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}


Basically I want to cut down on all of the spam bots connecting to the server to try to send out spam thinking that it might keep the server from wasting resources checking to see if these connections are authorized.

I've tried grey listing before and kinda liked it, but too many customers complained about mail working too slowly. Also I'm trying to optimize the server and cut down on excess activity.
 
Apf

I have apf and bfd installed. Before, bfd wasn't checking my maillog file, but I got that going now. That still doesn't really help that much when there are new connections all the time, as you know. I'm not really worried about intrusions; I'm trying to stop the connections from eating up resources. Like I said, greylisting does that, but if I can turn off something from listening on port 25 or block something on port 25, that would do the trick.
 
I'm not really clear about what you want to do.

Port 25 is what server to server email uses. If you turn that off/block it, you won't get any email at all. Full stop.

Greylisting might or might not decrease the load - each attempt to deliver an email to your server will still require resources, then there has to be some load for the greylisting itself, even if it means the email doesn't then get processed through your AV or AS.

You could reduce the maximum number of smtp instances I suppose. That's the instances = UNLIMITED line in the config file. But that will also impact customers because incoming email from legit sources may bounce.

What might really help would be to try installing spamdyke (www.spamdyke.org) and enable rejection of messages with no rDNS and no MX record, and use at least zen.spamhaus.org and potentially some other rbldns checks (you are probably doing so already though).

Spamdyke will spend most of its time doing dns lookups, which aren't terribly resource-consuming. You'll still need an smtp instance for each incoming connection, so if that's the source of your problem then this won't help. I don't think anything will. Your only option would be to potentially rate limit incoming connections (I don't know how to do that), or use a separate server (a small VPS should do) for processing email.

Faris.
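
The connection limits discussed in the reply above, as an added example that is not part of the original thread: the smtp stanza posted earlier with xinetd's own `instances`, `per_source`, `cps` and `max_load` attributes set. The file path and all numeric values are illustrative assumptions to be tuned against real traffic.

```conf
# /etc/xinetd.d/smtp  (path assumed; stanza copied from the thread, limits added)
service smtp
{
    socket_type = stream
    protocol    = tcp
    wait        = no

    # Must stay enabled: port 25 is how other mail servers deliver
    # to mailboxes on this host. "disable = yes" stops inbound mail.
    disable     = no

    user        = root

    # Was UNLIMITED. Upper bound on simultaneous SMTP processes
    # (value assumed). Connections beyond it are refused.
    instances   = 40

    # At most 3 concurrent connections from one source IP
    # (value assumed). Limits a single bot without touching others.
    per_source  = 3

    # If more than 25 new connections arrive per second, xinetd
    # disables the service for 30 seconds. This pause applies to
    # every sender, so keep the rate well above normal peak traffic.
    cps         = 25 30

    # Refuse new connections while the one-minute load average is
    # above 8 (needs an xinetd build with load-average support).
    max_load    = 8

    # Log the remote address of refused connections so the limits
    # above can be tuned from real data.
    log_on_failure += HOST

    env         = SMTPAUTH=1 POPLOCK_TIME=20 SHORTNAMES=1
    server      = /var/qmail/bin/tcp-env
    server_args = -Rt0 /usr/sbin/rblsmtpd -r zen.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}
```

xinetd has to be reloaded or restarted before the new limits take effect.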
 