2.2.15: SMTP submission server?

Reindl Harald h.reindl at thelounge.net
Thu Nov 27 09:29:40 UTC 2014



Am 27.11.2014 um 08:17 schrieb Steffen Kaiser:
> On Wed, 26 Nov 2014, Mark Homoky wrote:
>> On 17/11/2014 07:23, Ron Leach wrote:
>>> On 16/11/2014 07:24, Robert Schetterer wrote (re-ordered):
>>>> Am 16.11.2014 um 02:24 schrieb Reindl Harald:
>>>
>>> Off topic for Dovecot list, but I might think instead about separate
>>> inbound and outbound MTAs to achieve containment of inbound MTA
>>> compromise.
>
> @Ron: This seems to be the most sensible option for your concerns
> anyway, but with a well-known MSA. The inbound MTA need not advertise
> its existance to the web and, if port 587 is the only one, you could
> bann port probes, because few attackers will start with port 587.
>
>> As Reindl said switch off SASL on port 25 (hence in the SMTP
>> conversation following the ehlo line, the client isn't even offered
>> AUTH and hence the chance to login to try to relay).
> [cut]
>> You really can't get stronger mail injection than using the standard
>> submission port only accepting AUTH via TLS encrypted connections on
>> port 587
>
> If both port 25 and port 587 are open on the same server, is there any
> statitic about how much attackers probe port 25 before 587 and if
> disabling AUTH on port 25 helps at all in that case?

surely, nobody cares about 587 because it's typically only possible with 
autentication to submit mail and so in no way useable for deliver spam 
or as open relay

that below is from a honeypot network but keep in mind that in case 
oftry a different port from the same IP "last_port" after testing 25/587 
changes to that one

mysql> select count(*) from dnsbl where dnsbl_last_port=25;
+----------+
| count(*) |
+----------+
|      790 |
+----------+
1 row in set (0.00 sec)

mysql> select count(*) from dnsbl where dnsbl_last_port=587;
+----------+
| count(*) |
+----------+
|        2 |
+----------+
1 row in set (0.01 sec)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141127/5c4bacad/attachment.sig>


More information about the dovecot mailing list