----- Original Message -----
From: "Alinmar Umlas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 21, 2002 6:45 PM
Subject: Re: [plug] SMTP Ports Question

> fooler
>
> Another question related to port 25 used by smtp: there are some people who telnet to this port 25, esmtp. how could we deny it without affecting the receiving and sending of mails? I tried to deny it but it affects my receiving end using ipchains
>
> ipchains -A input -s mynetwork/Subnetmask -d mymailserver 25 -p TCP -y -j ACCEPT
> ipchains -A input -s 0/0 -d mymailserver 25 -p TCP -y -j DENY
>
> sometimes i try to telnet <hostname> 25....

neither your mail server nor your firewall program can distinguish between telnet <hostname> 25 and any mail client when connecting to your mail server... there are no fingerprints when telnet connects to port 25; it simply simulates a tcp connection to port 25, as any mail client does.

according to your firewall rules, only the *mynetwork* segment can connect to your smtp server and any incoming mails from outside your network segment would be dropped... meaning you can't receive any mails except from within your organization or network segment.

by the way, your two ipchains firewall rules can be converted into one line only for better performance.

    ipchains -A input -s ! mynetwork/subnetmask -d mymailserver 25 -p tcp -y -j DENY

fooler.

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
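
Added example (not part of the original message): a small Python model of first-match packet filtering for the rules discussed above. It shows that the two-rule and one-rule chains return the same verdicts, and that an outside mail server is denied exactly like an outside telnet session. The addresses are constructed documentation ranges standing in for mynetwork and mymailserver, and a default chain policy of ACCEPT is assumed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholders for "mynetwork/subnetmask" and "mymailserver".
MYNET = ipaddress.ip_network("192.0.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
MAILSERVER = ipaddress.ip_address("192.0.2.25")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    syn: bool     # True for the connection-opening SYN (what -y matches)
    client: str   # label for the reader only; the filter never sees it

@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    negate_src: bool   # models "-s ! network"
    target: str

    def matches(self, p: Packet) -> bool:
        # Every rule in the thread is "-d mymailserver 25 -p tcp -y".
        if not p.syn or p.dport != 25 or ipaddress.ip_address(p.dst) != MAILSERVER:
            return False
        return (ipaddress.ip_address(p.src) in self.src) != self.negate_src

def verdict(chain, p, policy="ACCEPT"):
    # First matching rule wins; otherwise the (assumed) chain policy applies.
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy

TWO_RULES = [Rule(MYNET, False, "ACCEPT"), Rule(ANY, False, "DENY")]
ONE_RULE = [Rule(MYNET, True, "DENY")]

# Constructed sample traffic. The two external SYNs differ only in the label.
PACKETS = [
    Packet("192.0.2.10", "192.0.2.25", 25, True, "internal mail client"),
    Packet("192.0.2.11", "192.0.2.25", 25, True, "internal telnet"),
    Packet("198.51.100.7", "192.0.2.25", 25, True, "external MTA delivering mail"),
    Packet("198.51.100.7", "192.0.2.25", 25, True, "external telnet"),
    Packet("198.51.100.7", "192.0.2.25", 25, False, "non-SYN segment"),
]

def compare():
    return [(p.client, verdict(TWO_RULES, p), verdict(ONE_RULE, p)) for p in PACKETS]

if __name__ == "__main__":
    for client, two, one in compare():
        print(f"{client:30} two-rule={two:6} one-rule={one}")
```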
