Sparm Filter..25 or 23?

coldbugcoldbug Member Posts: 189
Which port should be closed for Spam Filter? Is it 23 or 25? Do I want to keep that port open or close?
"If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."

Comments

  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Port 23 is telnet. Please tell me you don't actually have this open. If you do please give me your public IP for a free pen test.
  • jibtechjibtech Member Posts: 424 ■■■■■□□□□□
    cyberguypr wrote: »
    Port 23 is telnet. Please tell me you don't actually have this open. If you do please give me your public IP for a free pen test.

    Quoted for truth.
  • coldbugcoldbug Member Posts: 189
    Found out it is Port 25 and this is my current understanding of the whole thing:
    TLS encryption..Transport Layer Security encryption works at that layer before the e-mail is reached to Presentation and Application Layers where the recipient have STARTTLS encryption key. Spam can not be detected by IDS since TLS had already encrypted the data, so some companies secretly turn off TLS connection which violates EU Laws and Privacy Protection Policy.
    If I block all outgoing on Port 25, which service or protocol to use for e-mails? SMTP? But how to direct traffic to that port?
    "If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."
  • p@r0tuXusp@r0tuXus Member Posts: 532 ■■■■□□□□□□
    Port 587 for SMTP over TLS?
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    coldbug wrote: »
    Found out it is Port 25 and this is my current understanding of the whole thing:
    TLS encryption..Transport Layer Security encryption works at that layer before the e-mail is reached to Presentation and Application Layers where the recipient have STARTTLS encryption key. Spam can not be detected by IDS since TLS had already encrypted the data, so some companies secretly turn off TLS connection which violates EU Laws and Privacy Protection Policy.
    If I block all outgoing on Port 25, which service or protocol to use for e-mails? SMTP? But how to direct traffic to that port?

    You should not be involved in this project. Clearly you do not have a good understanding of what you are doing.
  • JasminLandryJasminLandry Member Posts: 601 ■■■□□□□□□□
    TheFORCE wrote: »
    You should not be involved in this project. Clearly you do not have a good understanding of what you are doing.

    That's exactly what I was thinking icon_rolleyes.gif
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    coldbug wrote: »
    Which port should be closed for Spam Filter? Is it 23 or 25? Do I want to keep that port open or close?


    Please tell us what you're trying to do or if you're studying for something.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • coldbugcoldbug Member Posts: 189
    I have passed this issue to Network Admin. Hope they will figure it out.
    "If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."
  • coldbugcoldbug Member Posts: 189
    Please tell us what you're trying to do or if you're studying for something.
    I work for Desktop Support, and got a ticket "User can't send or receive e-mails on Outlook client" So, I was thinking this was Port issue, but you guys are right. I shouldn't be messing with it.
    "If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."
  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    What in the world are you working on? If you're trying to set up a spam filter, yes port 25 is going to be your problem by default. Where are you getting that TLS can't be examined by your spam filters? Do you have a public facing and open SMTP relay? What you need to do is configure your SMTP server for authenicated access only, preferrably only from inside the network.

    If you're working on an actual project and this isn't a hypothetical you need to admit that you're over your head when you don't know the difference between ports 23 and 25 default services. Then you need to bring your SMTP server inside of the network (or DMZ), and configure it so that it can't relay anonymous traffic. In-bound traffic must be delivered to an internal reciepent, out-bound traffic must come from an authenticated internal user. This should prevent your SMTP server from being used as a spam relay.

    I don't know EU data laws so I can't recommend having a decent enterprise solution that will handle encryption/decryption of data.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    coldbug wrote: »
    I work for Desktop Support, and got a ticket "User can't send or receive e-mails on Outlook client" So, I was thinking this was Port issue, but you guys are right. I shouldn't be messing with it.

    It could be a lot of simple errors that cause that. Internet connectivity, Mailbox is full, maybe Outlook is storing an old credentials... Unless this happening for everyone in the office you probably should've kept that ticket.
  • coldbugcoldbug Member Posts: 189
    It's only her PC. Not internet connectivity. Outlook is connected.
    They migrated 2010 Outlook Boxes to 2016 and that mailbox exchange just finished a few days ago. So, maybe it's still merging. I can reassign the ticket back to me myself, but what other steps can I do?
    "If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    coldbug wrote: »
    ... but what other steps can I do?
    You may want to start by not complicating the problem. Can you describe the symptoms? It's unlikely to be related to SMTP since Outlook is not going to be using SMTP to connect to the Exchange server.

    And EU regs are not related to this - icon_smile.gif - so that others don't get the wrong idea since @blackberet already mentioned it - while I haven't finished reading the GDPR or the NIS Directive, it is highly unlikely that there are prescriptive requirements on the use of TLS for SMTP - that would be extremely unusual.
  • Infosec85Infosec85 Member Posts: 192 ■■■□□□□□□□
    cyberguypr wrote: »
    Port 23 is telnet. Please tell me you don't actually have this open. If you do please give me your public IP for a free pen test.

    Haha golden!
  • Fulcrum45Fulcrum45 Member Posts: 621 ■■■■■□□□□□
    Have you tried creating a new Outlook profile as a test? If it's just her I cant believe it's a network issue provided she's able to communicate elsewhere on the network and beyond.
  • p@r0tuXusp@r0tuXus Member Posts: 532 ■■■■□□□□□□
    I get the sense that you copy-pasted the bulk of your post about TLS. From the TLS mention down to the Privacy Policy part. I'm in agreement that SMTP wouldn't be your issue with Exchange. Is this a physical or virtual machine? Profile running on citrix? Have you checked Software Center to see if that upgrade to 2016 completed successfully? Can the user access the web-mail version of their account via OWA?
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
Sign In or Register to comment.