Spam Filter..25 or 23?

coldbug Member Posts: 189
Which port should be closed for Spam Filter? Is it 23 or 25? Do I want to keep that port open or close?
"If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."

Comments

  • cyberguypr Mod Posts: 6,928
    Port 23 is telnet. Please tell me you don't actually have this open. If you do please give me your public IP for a free pen test.
  • jibtech Member Posts: 424
    cyberguypr wrote: »
    Port 23 is telnet. Please tell me you don't actually have this open. If you do please give me your public IP for a free pen test.

    Quoted for truth.
  • coldbug Member Posts: 189
    Found out it is Port 25 and this is my current understanding of the whole thing:
    TLS encryption..Transport Layer Security encryption works at that layer before the e-mail is reached to Presentation and Application Layers where the recipient has STARTTLS encryption key. Spam cannot be detected by IDS since TLS had already encrypted the data, so some companies secretly turn off TLS connection which violates EU Laws and Privacy Protection Policy.
    If I block all outgoing on Port 25, which service or protocol to use for e-mails? SMTP? But how to direct traffic to that port?
    "If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."
  • p@r0tuXus Member Posts: 532
    Port 587 for SMTP over TLS?
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • TheFORCE Member Posts: 2,297
    coldbug wrote: »
    Found out it is Port 25 and this is my current understanding of the whole thing:
    TLS encryption..Transport Layer Security encryption works at that layer before the e-mail is reached to Presentation and Application Layers where the recipient has STARTTLS encryption key. Spam cannot be detected by IDS since TLS had already encrypted the data, so some companies secretly turn off TLS connection which violates EU Laws and Privacy Protection Policy.
    If I block all outgoing on Port 25, which service or protocol to use for e-mails? SMTP? But how to direct traffic to that port?

    You should not be involved in this project. Clearly you do not have a good understanding of what you are doing.
  • JasminLandry Member Posts: 601
    TheFORCE wrote: »
    You should not be involved in this project. Clearly you do not have a good understanding of what you are doing.

    That's exactly what I was thinking.
  • jamesleecoleman Member Posts: 1,899
    coldbug wrote: »
    Which port should be closed for Spam Filter? Is it 23 or 25? Do I want to keep that port open or close?


    Please tell us what you're trying to do or if you're studying for something.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • coldbug Member Posts: 189
    I have passed this issue to Network Admin. Hope they will figure it out.
    "If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."
  • coldbug Member Posts: 189
    Please tell us what you're trying to do or if you're studying for something.
    I work for Desktop Support, and got a ticket "User can't send or receive e-mails on Outlook client". So, I was thinking this was a port issue, but you guys are right. I shouldn't be messing with it.
    "If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."
  • BlackBeret Member Posts: 683
    What in the world are you working on? If you're trying to set up a spam filter, yes port 25 is going to be your problem by default. Where are you getting that TLS can't be examined by your spam filters? Do you have a public facing and open SMTP relay? What you need to do is configure your SMTP server for authenticated access only, preferably only from inside the network.

    If you're working on an actual project and this isn't a hypothetical you need to admit that you're over your head when you don't know the difference between ports 23 and 25 default services. Then you need to bring your SMTP server inside of the network (or DMZ), and configure it so that it can't relay anonymous traffic. In-bound traffic must be delivered to an internal recipient, out-bound traffic must come from an authenticated internal user. This should prevent your SMTP server from being used as a spam relay.

    I don't know EU data laws so I can't recommend having a decent enterprise solution that will handle encryption/decryption of data.
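
The relay rule described in the post above, modelled as a per-recipient decision. This is an added example, not code from the thread or from any mail server; the networks, the domain `example.com`, and the function names are constructed placeholders, and rejecting authenticated clients outside the internal network is an assumption that takes the post's "preferably only from inside the network" as a hard rule.

```python
import ipaddress

# Constructed placeholder values, not taken from the thread.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
LOCAL_DOMAINS = {"example.com"}

def rcpt_domain(address):
    """Lower-cased domain of an RCPT TO address, or None if it is malformed."""
    local, sep, domain = address.strip().strip("<>").rpartition("@")
    domain = domain.rstrip(".").lower()
    return domain if (sep and local and domain) else None

def is_internal(client_ip):
    """True if the connecting client sits on one of the internal networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETS)

def relay_decision(client_ip, authenticated, rcpt_to):
    """Apply the two rules from the post to one RCPT TO command."""
    domain = rcpt_domain(rcpt_to)
    if domain is None:
        return "reject: malformed recipient"
    if domain in LOCAL_DOMAINS:
        # Inbound: anyone may deliver to a recipient the server hosts.
        return "accept: inbound to internal recipient"
    if authenticated and is_internal(client_ip):
        # Outbound: only an authenticated user on the internal network.
        return "accept: outbound from authenticated internal user"
    # Everything else is third-party relay, the open-relay case.
    return "reject: relay denied"

if __name__ == "__main__":
    # Constructed sessions: (client IP, authenticated?, RCPT TO)
    sessions = [
        ("203.0.113.7", False, "<alice@example.com>"),
        ("203.0.113.7", False, "<someone@example.net>"),
        ("10.1.2.3", True, "<partner@example.net>"),
        ("10.1.2.3", False, "<partner@example.net>"),
        ("203.0.113.7", True, "<partner@example.net>"),
    ]
    for s in sessions:
        print(s, "->", relay_decision(*s))
```
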
  • NetworkNewb Member Posts: 3,298
    coldbug wrote: »
    I work for Desktop Support, and got a ticket "User can't send or receive e-mails on Outlook client". So, I was thinking this was a port issue, but you guys are right. I shouldn't be messing with it.

    It could be a lot of simple errors that cause that. Internet connectivity, mailbox is full, maybe Outlook is storing old credentials... Unless this is happening for everyone in the office you probably should've kept that ticket.
  • coldbug Member Posts: 189
    It's only her PC. Not internet connectivity. Outlook is connected.
    They migrated 2010 Outlook Boxes to 2016 and that mailbox exchange just finished a few days ago. So, maybe it's still merging. I can reassign the ticket back to me myself, but what other steps can I do?
    "If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."
  • paul78 Member Posts: 3,016
    coldbug wrote: »
    ... but what other steps can I do?
    You may want to start by not complicating the problem. Can you describe the symptoms? It's unlikely to be related to SMTP since Outlook is not going to be using SMTP to connect to the Exchange server.

    And EU regs are not related to this - so that others don't get the wrong idea since @blackberet already mentioned it - while I haven't finished reading the GDPR or the NIS Directive, it is highly unlikely that there are prescriptive requirements on the use of TLS for SMTP - that would be extremely unusual.
  • Infosec85 Member Posts: 192
    cyberguypr wrote: »
    Port 23 is telnet. Please tell me you don't actually have this open. If you do please give me your public IP for a free pen test.

    Haha golden!
  • Fulcrum45 Member Posts: 621
    Have you tried creating a new Outlook profile as a test? If it's just her I can't believe it's a network issue provided she's able to communicate elsewhere on the network and beyond.
  • p@r0tuXus Member Posts: 532
    I get the sense that you copy-pasted the bulk of your post about TLS. From the TLS mention down to the Privacy Policy part. I'm in agreement that SMTP wouldn't be your issue with Exchange. Is this a physical or virtual machine? Profile running on Citrix? Have you checked Software Center to see if that upgrade to 2016 completed successfully? Can the user access the web-mail version of their account via OWA?
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE