RE: how to block SMTP Commands without ISA Server

  • From: "Gabrie van Zanten" <gabrie@xxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 3 Dec 2003 20:41:59 +0100

Hi everyone....

I agree with you all that this is not a preferred method. I was just
pointing out that there is a way and that some firewall software knows
how to distignuish (did I spell that right?) between real mailserver
connections and human telnet connections.

Please don't shoot the messenger :-)  LOL

Gabrie


> -----Original Message-----
> From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] 
> Sent: Wednesday, December 03, 2003 8:31 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: how to block SMTP Commands 
> without ISA Server
> 
> http://www.MSExchange.org/
> 
> Yup.  You could also be denying a slow mailer that would 
> otherwise work.
> Overloaded mailers and network latency could inadvertently 
> be trapped if you use such a feature of a firewall.  In other 
> words, you may commit a cardinal sin of email by denying 
> valid traffic by implementing such a firewall feature.  Very risky.
> 
> 
>  
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, December 03, 2003 2:15 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: how to block SMTP Commands 
> without ISA Server
> 
> Hi Gabrie,
> 
> However, I can script the same commands and make it a bit quicker ;-)
> 
> Tom
> 
> Thomas W Shinder
> www.isaserver.org/shinder
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
> 
>  
> 
> 
> -----Original Message-----
> From: Gabrie van Zanten [mailto:gabrie@xxxxxxxxxxxxxxxx]
> Sent: Wednesday, December 03, 2003 12:30 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: how to block SMTP Commands 
> without ISA Server
> 
> 
> NOT QUITE CORRECT !!!!
> 
> I don't know how to do this with Exchange, but in some 
> firewalls (I know Raptor has it), you can block TELNET to 
> port 25. What the firewall does, is time how long it takes 
> for the commands to be entered. A mail server connecting to 
> yours on port 25, would fire those commands quite rapidly, 
> when a human would do this, it would be much slower. Based on 
> this, the firewall blocks entering commands by hand.
> 
> Yes -> port 25 has to remain open
> Yes -> you could trap humans on port 25
> No -> I don't think exchange can do this for you 
> 
> I don't know what your security risk would be allowing humans 
> to telnet to port 25.
> 
> Gabrie
>  
> 
> > -----Original Message-----
> > From: Mark Fugatt [mailto:mark@xxxxxxxxx]
> > Sent: Wednesday, December 03, 2003 7:18 PM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: how to block SMTP Commands without ISA 
> > Server
> > 
> > Exactly
> > 
> > Mark Fugatt
> > MCT, MCSE, Microsoft Exchange MVP
> > Pentech Office Solutions Inc
> > Tel:  585 586 3890
> > Cell: 585 576 4750
> > Fax:  585 249 0316
> > MSN IM: mark@xxxxxxxxx
> > www.4mcts.com
> > www.exchangetrainer.com
> > 
> > 
> > -----Original Message-----
> > From: Militello, John [mailto:jmilitello@xxxxxxxxxxxxx]
> > Sent: Wednesday, December 03, 2003 1:15 PM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: how to block SMTP Commands without ISA 
> > Server
> > 
> > Port 25 has to remain open. If your server is set up correctly (No
> > Relaying) you should not be worried about it. No one can get a message
> > off if the server is set up correctly.
> > 
> > 
> > 
> > -----Original Message-----
> > From: Mark Fugatt [mailto:mark@xxxxxxxxx]
> > Sent: Wednesday, December 03, 2003 12:39 PM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: how to block SMTP Commands without ISA 
> > Server
> > 
> > 20 and 21 are FTP, you cannot stop people from using a Telnet client
> > and connecting to port 25 on your SMTP server without blocking port 25
> > which would defeat the object of having an SMTP server.
> > 
> > Mark Fugatt
> > MCT, MCSE, Microsoft Exchange MVP
> > Pentech Office Solutions Inc
> > Tel:  585 586 3890
> > Cell: 585 576 4750
> > Fax:  585 249 0316
> > MSN IM: mark@xxxxxxxxx
> > www.4mcts.com
> > www.exchangetrainer.com
> > 
> > 
> > -----Original Message-----
> > From: oevans@xxxxxxxxxxxxxxx [mailto:oevans@xxxxxxxxxxxxxxx]
> > Sent: Wednesday, December 03, 2003 12:30 PM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: how to block SMTP Commands without ISA 
> > Server
> > 
> > 
> > What you do is deny port 21 and 20 on your firewall that points to 
> > your mail server.
> > E.g. if your mail server is 192.168.100.5 then you would use:
> > 
> > access-list 101 deny tcp any host 192.168.100.5 eq telnet
> > 
> > This pertains to a pix firewall but you may have some other brand.
> > 
> > O.e
> > 
> > -----Original Message-----
> > From: Victor Naranjo [mailto:vnaranjo@xxxxxxxxxxxxx]
> > Sent: Wednesday, December 03, 2003 12:14 PM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: how to block SMTP Commands without ISA 
> > Server
> > 
> > I can connect to Exchange Server doing a telnet session to port 25
> > and execute commands like helo domain, mail from, etc. and send a
> > message to an internal mailbox, making an impersonation.
> > 
> > This is a security issue. How to block these SMTP commands if anybody
> > makes a telnet session to port 25?
> > 
> > -----Original Message-----
> > From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
> > Sent: Wednesday, December 03, 2003 11:48 AM
> > To: [ExchangeList]
> > Subject: [exchangelist] RE: how to block SMTP Commands without ISA 
> > Server
> > 
> > Can you give an example of what you want?  I suspect that blocking
> > commands means one thing to you and something different to me.  I
> > think of blocking commands as disabling verbs.  I suspect you want to
> > block specific users from sending you email.  A deny or block list.
> > 
> > 
> > Al
> > 
> >  
> > 
> > -----Original Message-----
> > From: Victor Hugo Naranjo [mailto:vnaranjo@xxxxxxxxxxxxx]
> > Sent: Wednesday, December 03, 2003 11:40 AM
> > To: [ExchangeList]
> > Subject: [exchangelist] how to block SMTP Commands without ISA
> > Server
> > 
> > Help with this...
> > 
> > In Exchange 5.5, 2000 and 2003 how to block SMTP Commands 
> > without ISA Server?
> > If the Mail from: (SMTP Command) is blocked, can I still 
> > receive Internet eMails?
> > 
> > 
> > Victor Naranjo
> > CONSULTANT
> > SYNERGY
> > 
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 ISA Server Resource Site: http://www.isaserver.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > 
> 
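
The timing check discussed in this thread, and the two objections raised against it (a slow but legitimate mailer gets blocked, a scripted sender gets through), can be seen side by side in a small simulation. This is an added example, not code from any poster or from any firewall product; the 2-second threshold, the median-gap rule and all four sessions are constructed assumptions.

```python
from statistics import median

THRESHOLD_S = 2.0  # assumed cut-off; the thread does not say what any firewall uses

# Constructed sessions: name -> (is_real_mail_server, [(seconds_since_connect, command)])
SESSIONS = {
    "fast_mta": (True, [(0.05, "EHLO mx.example.net"), (0.11, "MAIL FROM:<a@example.net>"),
                        (0.18, "RCPT TO:<b@example.org>"), (0.24, "DATA"), (0.90, "QUIT")]),
    "human_telnet": (False, [(4.2, "helo test"), (13.7, "mail from:<a@example.net>"),
                             (25.1, "rcpt to:<b@example.org>"), (31.0, "data"), (58.3, "quit")]),
    # Legitimate server on a loaded host or a high-latency link.
    "overloaded_mta": (True, [(1.0, "EHLO mx2.example.net"), (4.5, "MAIL FROM:<c@example.net>"),
                              (9.0, "RCPT TO:<b@example.org>"), (12.5, "DATA"), (20.0, "QUIT")]),
    # Not a mail server, but the same commands sent by a program instead of typed.
    "scripted_client": (False, [(0.01, "helo test"), (0.02, "mail from:<a@example.net>"),
                                (0.03, "rcpt to:<b@example.org>"), (0.04, "data"), (0.05, "quit")]),
}

def command_gaps(commands):
    """Seconds between consecutive commands in one session."""
    times = [t for t, _ in commands]
    return [later - earlier for earlier, later in zip(times, times[1:])]

def verdict(commands, threshold=THRESHOLD_S):
    """'block' when the median gap suggests hand typing, else 'allow'."""
    return "block" if median(command_gaps(commands)) > threshold else "allow"

def evaluate(sessions, threshold=THRESHOLD_S):
    """Return (verdicts, misjudged); misjudged lists sessions the timing rule gets wrong."""
    verdicts, misjudged = {}, []
    for name, (is_server, commands) in sessions.items():
        verdicts[name] = verdict(commands, threshold)
        wanted = "allow" if is_server else "block"
        if verdicts[name] != wanted:
            misjudged.append(name)
    return verdicts, misjudged

if __name__ == "__main__":
    verdicts, misjudged = evaluate(SESSIONS)
    for name, v in verdicts.items():
        print(f"{name:16} {v:6} {'<- wrong' if name in misjudged else ''}")
```

Only the two clear-cut sessions are judged correctly; the relay and authentication settings on the server, not command timing, are what decide whether a hand-typed session can do anything a mail server could not.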

