Koozali.org: home of the SME Server

Is there a possibility to close Port 25

Offline mgb

Is there a possibility to close Port 25
« on: January 01, 2010, 03:38:56 PM »
I have 2 network cards, SME 7.4
Server default rate is going out
Is there a possibility to close Port 25
For internal network stations
Only the server can send mail
« Last Edit: January 02, 2010, 04:38:39 PM by mgb »
Thanks all for helping
Skype yosii2009

Offline imcintyre

Re: Is there a possibility to close Port 25
« Reply #1 on: January 01, 2010, 04:42:24 PM »
mgb

sorry don't understand "Lisloh Ma"
Do you want mail to only go through the server?

If so,
http://wiki.contribs.org/SME_Server:Documentation:FAQ#How_do_I_enable_smtp_authentication_for_users_on_the_internal_network
and then the section right after.

Hope this is what you are after.
« Last Edit: January 01, 2010, 05:04:57 PM by imcintyre »

Offline mgb

Re: Is there a possibility to close Port 25
« Reply #2 on: January 02, 2010, 11:52:44 AM »
Interested stations can not send external mail server Port 25
Stations can send mail only through internal server
Network built with SME 7.4 server with 2 network cards
Proxy server is also used in the SME
And through out the Internet
2 network cards are the same network mask
I used the settings admin
  1. Server and gateway
192.168.183.5
192.168.183.14
255.255.255.0
Router
192.168.183.1
Want to block the virus from Sderot hurt stations network Port 25
  How
do I disable smtp a  for users on the internal_network
IPTraf
Proto/Port    Pkts   Bytes   PktsTo   BytesTo  PktsFrom BytesFrom
TCP/25        1152  201782      635    146892       517     54890
Thanks
« Last Edit: January 03, 2010, 07:39:00 AM by mgb »

Offline mgb

Re: Is there a possibility to close Port 25
« Reply #3 on: January 05, 2010, 09:08:02 AM »
Is this OK?
config setprop masq TCPBlocks 192.168.193.0/0:25

Offline paradigm

Re: Is there a possibility to close Port 25
« Reply #4 on: January 05, 2010, 05:06:02 PM »
You can use the server's transparent SMTP proxy, which I think should scan all outgoing mail and maybe block it. Look here:

http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11#Proxy_settings

Offline mgb

Re: Is there a possibility to close Port 25
« Reply #5 on: January 06, 2010, 04:00:19 PM »
Thanks but that does not help
Shay still have internal network traffic through a server outside Port 25


 

Offline paradigm

Re: Is there a possibility to close Port 25
« Reply #6 on: January 06, 2010, 06:46:54 PM »
If the station is infected with a virus, I think you should deal with it (clean the machine) instead of trying to block port 25.

An infected station inside a network is not a very good idea - it can infect other stations very quickly.

On the bright side, SME Server is not a Windows-based OS so it won't be infected.  :P


Offline mgb

Re: Is there a possibility to close Port 25
« Reply #7 on: January 07, 2010, 07:35:36 AM »
Thanks for the answer
I changed the router to stay in my router just more due budget constraints
To replace Rotter did not suffer from problems of port 25 blocked by router settings Port 25
The stations I'm sure you can block you out of the stations through Port 25
The question of who knows define the system
For stations virus infected have no control over the machines Hllol only their browsing

Offline mgb

Re: Is there a possibility to close Port 25
« Reply #8 on: January 10, 2010, 08:44:29 AM »
A new problem
The server sends mail out
Only receive mail or send
What possibilities for examination of the problem

Offline paradigm

Re: Is there a possibility to close Port 25
« Reply #9 on: January 10, 2010, 07:38:06 PM »
Mgb, I'm sorry, I can't understand what you are saying...

Offline mgb

Re: Is there a possibility to close Port 25
« Reply #10 on: January 11, 2010, 02:09:45 PM »
Sorry English Thanks for the answer
I had a problem with port 25
One of the computers on the network
I tried to close the port 25
The situation is that the server is also mail server
Does not send external mail
Mail server receives and sends only internal users on the server
Not get a message about an incorrect e-mail
What can be done for testing what the problem

Offline janet

Re: Is there a possibility to close Port 25
« Reply #11 on: January 11, 2010, 02:51:43 PM »
mgb

Quote
What can be done for testing what the problem

It is very difficult to understand your problem due to the poor translation to English.

I think this is what you are saying about your problem:

You have a virus infection on a workstation.
You wanted to stop the virus sending out emails via the server.
You closed outgoing port 25 on the server
You then said that the server now cannot send emails
You then said you can only send emails on the local network and not externally
You want to know how to fix the problem and what to do to run tests to discover what the problem is.

Assuming the above is correct then here are my comments.

Clean the virus infection off the workstation. This is absolutely essential and there is no other way to fix the problem.
You can prevent viruses from using their own smtp engine by forcing authenticated access to sme server's smtp server. As the virus does not know your user password, it cannot gain access to your smtp server and therefore cannot send outgoing emails.
See these FAQ entries:
http://wiki.contribs.org/SME_Server:Documentation:FAQ#How_do_I_enable_smtp_authentication_for_users_on_the_internal_network

http://wiki.contribs.org/SME_Server:Documentation:FAQ#How_do_I_disable_SMTP_relay_for_unauthenticated_LAN_clients

Still you need to identify the workstation that has the infection, and to implement the above you will need to change all users email client settings on all workstations.

Look at the email log files for qpsmtpd, sqpsmtpd and qmail; you should be able to see the IP number of the workstation that hundreds of emails are coming from.

Another simple answer is to disconnect the network cable from each workstation one by one and see if the virus email flow stops. Note there may still be undelivered email messages in the queue, so be careful not to trick yourself when using this technique.

Use iptraf to monitor network traffic. See man iptraf

Re-enable port 25 if you want your server to send email, and temporarily disconnect the infected workstation. Do not reconnect it until the virus has been cleaned off it.
Use software tools or a good virus scanner to remove the infection, e.g. AVG Free. Transfer these files via USB rather than reconnecting the workstation to the network.

In a bad scenario where more than one workstation is infected, you may have to disconnect ALL workstation ethernet cables, and reconnect them one by one (or only one at a time) in order to discover which workstation is infected. You will see virus generated email flow as soon as you reconnect an infected computer.

As has been said it is highly unlikely that your sme server is infected, the infection is most likely on a Windows workstation somewhere on your local network.

You do need to provide us with better English translations if you want us to better understand your problem and your questions. This is an English language forum so please do not expect us to be experts at Italian (or whatever your language is).
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.
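
The log check suggested in the reply above, as an added example (not part of the thread and not SME Server's own tooling): it reads qpsmtpd "Connection from" lines in the tai64n-stamped format seen elsewhere in this thread and reports LAN workstations that open many SMTP connections in a short window. The LAN range is taken from the addresses posted in the thread; the sample lines, the 60-second window and the threshold of 3 are constructed assumptions.

```python
import ipaddress
import re

# Assumption: LAN range taken from the addresses posted in the thread.
LAN = ipaddress.ip_network("192.168.183.0/24")
CONN = re.compile(r"^@([0-9a-f]{24}) \d+ Connection from \S+ \[([\d.]+)\]")

# Constructed sample lines in the qpsmtpd log format (not real log data).
SAMPLE = """\
@400000004b3a7c1800000000 31001 Connection from [192.168.183.27] [192.168.183.27]
@400000004b3a7c1900000000 31002 Connection from [192.168.183.40] [192.168.183.40]
@400000004b3a7c1a00000000 31003 Connection from [192.168.183.27] [192.168.183.27]
@400000004b3a7c1b00000000 31004 Connection from [203.0.113.9] [203.0.113.9]
@400000004b3a7c1c00000000 31005 Connection from [203.0.113.9] [203.0.113.9]
@400000004b3a7c1d00000000 31006 Connection from [192.168.183.27] [192.168.183.27]
@400000004b3a7c1e00000000 31007 Connection from [203.0.113.9] [203.0.113.9]
@400000004b3a7c2100000000 31008 Connection from [192.168.183.27] [192.168.183.27]
@400000004b3a8c1900000000 31009 Connection from [192.168.183.40] [192.168.183.40]
"""

def tai64n_to_seconds(label):
    """First 16 hex digits are 2**62 + seconds (TAI); leap-second offset ignored."""
    return int(label[:16], 16) - 2**62

def lan_senders(log_text, window=60, threshold=3):
    """Map each LAN IP to its peak connection count in any `window` seconds, if >= threshold."""
    times = {}
    for line in log_text.splitlines():
        m = CONN.match(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(2))
        if ip in LAN:  # external hosts are ordinary inbound mail, skip them
            times.setdefault(str(ip), []).append(tai64n_to_seconds(m.group(1)))
    flagged = {}
    for ip, stamps in times.items():
        stamps.sort()
        peak, start = 0, 0
        for end, t in enumerate(stamps):
            while t - stamps[start] >= window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    print(lan_senders(SAMPLE))
```

On a live server the same function can be fed the text of the current qpsmtpd log file instead of `SAMPLE`, with the threshold raised to suit normal mail volume.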

Offline mgb

Re: Is there a possibility to close Port 25
« Reply #12 on: January 18, 2010, 09:42:55 AM »
I thank very much the answer
The situation described is true
I installed the Mail Setup with a password  can be sent internal mail without authentication
Does not work or have a problem and I think it's not working
Attached server log hopefully help understand the problem

@400000004b2e2945021c3ad4 tcpsvd: info: listening on 0.0.0.0:465, starting.
@400000004b3a7c171ffe50b4 tcpsvd: info: status 1/10
@400000004b3a7c1720ec7d5c tcpsvd: info: pid 31471 from 201.255.148.195
@400000004b3a7c1721b8128c tcpsvd: info: concurrency 31471 201.255.148.195 1/5
@400000004b3a7c1721b81a5c tcpsvd: info: start 31471 mail.ail.akif.mer.k12.il:192.168.183.5 ::201.255.148.195:4828 ../qpsmtpd/peers/0
@400000004b3a7c181625c6e4 31471 Connection from [201.255.148.195] [201.255.148.195]
@400000004b3a7c18175c0c94 31471 Initializing spool_dir
@400000004b3a7c18176bf6cc 31471 Permissions on spool_dir /var/spool/qpsmtpd/ are not 0700
@400000004b3a7c18249bf89c sslio[31471]: info: bytes in: 365
@400000004b3a7c18249c0454 sslio[31471]: info: bytes ou: 1170
@400000004b3a7c18249c083c 31471 check_earlytalker plugin: remote host started talking before we said hello [201.255.148.195]
@400000004b3a7c18249c100c 31471 logging::logterse plugin: ` 201.255.148.195   201.255.148.195            check_earlytalker   902   Connecting host started transmitting before SMTP greeting   msg denied before queued
@400000004b3a7c18249c1bc4 31471 450 Connecting host started transmitting before SMTP greeting
@400000004b3a7c18249e5614 tcpsvd: info: end 31471 exit 0
@400000004b3a7c18249e5de4 tcpsvd: info: status 0/10
@400000004b3a999019984cac tcpsvd: info: status 1/10
@400000004b3a999020da8b9c tcpsvd: info: pid 30892 from 190.177.214.59
@400000004b3a999021a6289c tcpsvd: info: concurrency 30892 190.177.214.59 1/5
@400000004b3a999021a63454 tcpsvd: info: start 30892 mail.ail.akif.mer.k12.il:192.168.183.5 ::190.177.214.59:4759 ../qpsmtpd/peers/0
@400000004b3a99912cb361dc sslio[30892]: info: bytes in: 365
@400000004b3a99912cb369ac sslio[30892]: info: bytes ou: 1170
@400000004b3a99920849dd44 30892 Connection from [190.177.214.59] [190.177.214.59]
@400000004b3a99920964da94 30892 Initializing spool_dir
@400000004b3a99920a1e0104 30892 Permissions on spool_dir /var/spool/qpsmtpd/ are not 0700
@400000004b3a99920a3b1e24 30892 check_earlytalker plugin: remote host started talking before we said hello [190.177.214.59]
@400000004b3a99920a48ba84 30892 logging::logterse plugin: ` 190.177.214.59   190.177.214.59            check_earlytalker   902   Connecting host started transmitting before SMTP greeting   msg denied before queued
@400000004b3a99920a519bf4 30892 450 Connecting host started transmitting before SMTP greeting
@400000004b3a99920a6ccce4 tcpsvd: info: end 30892 exit 0
@400000004b3a99920a6cd89c tcpsvd: info: status 0/10
@400000004b3c86580faaeed4 tcpsvd: info: listening on 0.0.0.0:465, starting.
@400000004b3c8b4214473efc tcpsvd: info: listening on 0.0.0.0:465, starting.

config show qpsmtpd
qpsmtpd=service
    Authentication=enabled
    Bcc=disabled
    BccMode=cc
    BccUser=maillog
    DNSBL=disabled
    LogLevel=6
    MaxScannerSize=25000000
    RBLList=bl.spamcop.net:combined.njabl.org:dnsbl.ahbl.org:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net:list.dsbl.org:multihop.dsbl.org:psbl.surriel.com:zen.spamhaus.org
    RHSBL=disabled
    RequireResolvableFromHost=no
    SBLList=bogusmx.rfc-ignorant.org:multi.surbl.org:black.uribl.com:rhsbl.sorbs.net:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com:porn.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org
    access=public
    qplogsumm=disabled
    status=enabled
 
« Last Edit: January 19, 2010, 07:50:51 AM by mgb »