20 and 21 are FTP, you cannot stop people from using a Telnet client and connecting to port 25 on your SMTP server without blocking port 25 which would defeat the object of having an SMTP server. Mark Fugatt MCT, MCSE, Microsoft Exchange MVP Pentech Office Solutions Inc Tel: 585 586 3890 Cell: 585 576 4750 Fax: 585 249 0316 MSN IM: mark@xxxxxxxxx www.4mcts.com www.exchangetrainer.com -----Original Message----- From: oevans@xxxxxxxxxxxxxxx [mailto:oevans@xxxxxxxxxxxxxxx] Sent: Wednesday, December 03, 2003 12:30 PM To: [ExchangeList] Subject: [exchangelist] RE: how to block SMTP Commands without ISA Server http://www.MSExchange.org/ What you do is deny port 21 and 20 on your firewall that points to your mail server. E.g. if your mail server is 192.168.100.5 then you would use: access-list 101 deny tcp any host 192.168.100.5 eq telnet This pertains to a pix firewall but you may have some other brand. O.e -----Original Message----- From: Victor Naranjo [mailto:vnaranjo@xxxxxxxxxxxxx] Sent: Wednesday, December 03, 2003 12:14 PM To: [ExchangeList] Subject: [exchangelist] RE: how to block SMTP Commands without ISA Server http://www.MSExchange.org/ I can connect to Exchange Server doing telnet session to port 25 and execute commands like, helo domain, mail from, etc and send a message to an internal mailbox making impersonation . This is a security issue, how to block this smtp commands is anybody make a telnet session to port 25? -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: Wednesday, December 03, 2003 11:48 AM To: [ExchangeList] Subject: [exchangelist] RE: how to block SMTP Commands without ISA Server http://www.MSExchange.org/ Can you give an example of what you want? I suspect that blocking commands means one thing to you and something different to me. I think of blocking commands as disabling verbs. I suspect you want to block specific users from sending you email. A deny or block list. Al -----Original Message----- From: Victor Hugo Naranjo [mailto:vnaranjo@xxxxxxxxxxxxx] Sent: Wednesday, December 03, 2003 11:40 AM To: [ExchangeList] Subject: [exchangelist] how to block SMTP Commands without ISA Server http://www.MSExchange.org/ Help with this... =20 In Exchange 5.5, 2000 and 2003 how to block SMTP Commands without ISA = Server? If the Mail from: (SMTP Command) is blocked, Can I still receive Internet eMails? Victor Naranjo CONSULTANT SYNERGY ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------