1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Does "Enable message submission" block Port 25?

Discussion in 'Plesk for Linux - 8.x and Older' started by damon, Dec 29, 2008.

  1. damon

    damon Guest

    0
     
    I've read the docs and searched but I can't find out for sure if checking the box "Enable message submission" in Mail settings will allow clients to send mail using both 25 and 587, or only 587.

    Which way does the check box work?
     
  2. faris

    faris Guest

    0
     
    No, enabling submission simply adds port 587. It has no effect on 25.
     
    tkalfaoglu likes this.
  3. damon

    damon Guest

    0
     
    Faris,

    Excellent, that's what I was hoping.

    I just didn't want to check the box and then find that no one could send mail.

    My question came up because of the warning in the plesk admin guide:

     
  4. faris

    faris Guest

    0
     
    It is alwasy better to be safe than sorry!

    What the documentation is trying to say is that in order to use the submission port, your users will need to switch to port 587. They will still be able to use port 25 if they want. Essentially all that happens is that a second instance of the smtp server is started, listening in port 587 and REQUIRING authentication.

    Faris.
     
  5. Cnote

    Cnote Basic Pleskian

    24
    23%
    Joined:
    May 17, 2005
    Messages:
    53
    Likes Received:
    0
    If port 25 stays open is my server still vulnerable to unauthorized mail relaying or injection of unsolicited bulk mail?
     
  6. faris

    faris Guest

    0
     
    Port 25 is the port used to deliver email to your system. If you close it then no email will ever arrive in anybody's mailbox.

    But as to being vulnerable to unauthorised mail relay or injection of unsolicited email....opening port 587 makes no difference because your system should not and is unlikely to be vulnerable to start with.

    Unless you have deliberately done something that allows people to use your server to send email without authentication, or there is an unknown bug somewhere in the system, your system won't be vulnerable.

    Of course someone might guess a username/password for one of your users, or you might have an insecure web form (php or cgi or whatever) on your system, but that's about it.

    Or have I misunderstood your question and why you were asking?

    Faris.
     
  7. Cnote

    Cnote Basic Pleskian

    24
    23%
    Joined:
    May 17, 2005
    Messages:
    53
    Likes Received:
    0
    Yes, that answers my question.... I had a problem this morning, somehow a php file was loaded to a clients folder (writable by apache) and started sending thousands of emails.... Can I somehow set my mail system to only allow a certain number of emails to be sent at a time?
     
  8. faris

    faris Guest

    0
     
    Slowing down or limiting outgoing email is sometimes known as tarpitting.

    There are some patches for qmail that allow this but patching qmail is a nightmare.

    I'm not sure if it is easier with postfix (in Plesk 9) or not. I've not really looked into postfix.

    What you might want to do as a sensible "inbetween" measure would be to install something that would monitor qmail's queue and alert you if it gets big. That can be an indication something is wrong.

    You might also like to increase the security on your system to help prevent malicious uploads.

    One way to monitor qmail is using 4PSA's Server Assistant package. (www.4psa.com) [commercial product]

    And to increase security, installing ASL would be wise (www.atomicrocketturtle.com) [commercial product]

    Faris.
     
Loading...