SMTP works on port 25. If you change that port on your server then how do you expect all the other mail servers around the world that might try to make a mail connection to your server to know that you have changed the port?
Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
Several ISPs are closing port 25 to reduce the relaying problem clogging the net so you might contact the tech groups with a few of them and see how they are doing it.
Man, I'm really going crazy. Can someone explain to me how that can be possible? (Look at the above log.) How can they authenticate? Is that some kind of hacking? If it is, how do I prevent something like that?
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:55 -0500 Connected
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:55 -0500 >>> 220-mail.pcclick.ca ESMTP VisNetic.MailServer.v5.0.2.3; Sun, 30 Nov 2003 14:42:55 -0500
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:56 -0500 <<< EHLO scurvy
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:56 -0500 >>> 250-mail.pcclick.ca Hello scurvy [211.158.51.2], pleased to meet you.
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:56 -0500 <<< AUTH LOGIN
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:56 -0500 >>> 334 VXNlcm5hbWU6
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:56 -0500 <<< d2VibWFzdGVy
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:56 -0500 >>> 334 UGFzc3dvcmQ6
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:57 -0500 <<< d2VibWFzdGVy
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:57 -0500 >>> 235 2.0.0 Authentication successful
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:57 -0500 <<< MAIL FROM:<scare@LYCOS.COM>
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:57 -0500 >>> 250 2.1.0 <scare@LYCOS.COM>... Sender ok
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:58 -0500 <<< RCPT TO:<pbxbbas@geocities.com>
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:58 -0500 >>> 550 5.7.1 <scare@LYCOS.COM> Access not allowed
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:58 -0500 <<< QUIT
211.158.51.2 [00000C10] Sun, 30 Nov 2003 14:42:58 -0500 >>> 221 2.0.0 mail.pcclick.ca closing connection
SYSTEM [00000C10] Sun, 30 Nov 2003 14:42:58 -0500 Disconnected
mail.pcclick.ca is my server.
Thanks a lot in advance,
And that is why I want to change my port # from 25 to something else, but preferably not
"Sounds strange...changing port 25 should prevent you from sending, not from receiving mails."
He was talking about blocking port 25 INBOUND, not outbound. If he closes port 25 on his mail server then no other mail server will be able to make an SMTP connection, therefore he won't receive any mails.
Zxmax,
If you change your SMTP port then you may as well just not run a mail server. It has the same effect. If you look at the logs you can see that when scare@lycos.com tried to relay mail to pbxbbas@geocities.com he got a 550 error. Therefore, he couldn't send the mail through your server.
Securing a mail server does not mean having to change the port number. It's about having it correctly configured. If in doubt then speak to the vendors of your mail software.
Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
Zxmax, you were already advised on this in your thread858-716765. Please do not start threads on the same topic over and over; that gets very confusing for the ones trying to help you out.
Stick to one thread and everyone will know what was already suggested and tried, so no double answers are provided.
Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
I took the liberty to highlight some relevant aspects:
Quote:
POP3 (Post Office Protocol 3) is the most recent version of a standard protocol for receiving e-mail. POP3 is a client/server protocol in which e-mail is received and held for you by your Internet server. Periodically, you (or your client e-mail receiver) check your mail-box on the server and download any mail. POP3 is built into the Netmanage suite of Internet products and one of the most popular e-mail products, Eudora. It's also built into the Netscape and Microsoft Internet Explorer browsers.
An alternative protocol is Internet Message Access Protocol (IMAP). With IMAP, you view your e-mail at the server as though it was on your client computer. An e-mail message deleted locally is still on the server. E-mail can be kept on and searched at the server.
POP can be thought of as a "store-and-forward" service. IMAP can be thought of as a remote file server.
POP and IMAP deal with the receiving of e-mail and are not to be confused with the Simple Mail Transfer Protocol (SMTP), a protocol for transferring e-mail across the Internet. You send e-mail with SMTP and a mail handler receives it on your recipient's behalf. Then the mail is read using POP or IMAP.
The conventional port number for POP3 is 110.
Unquote
So...SMTP is used just to send mail (either locally or relayed). It has NOTHING to do with receiving mail.
Let me try to explain in the simplest of terms for you.
The problem here is that this guy runs his own mail server. Therefore, his domain has an MX record that points to his mail server. If he closes off port 25 (SMTP) then his mail server WILL NOT be able to RECEIVE mail from other mail servers. i.e. I want to send zxmax an email. So, I send that email through my mail server.
Now, my mail server needs to look up the MX record for his domain, pcclick.ca. It finds the record mail.pcclick.ca which resolves to an IP address. My mail server then needs to send my email to mail.pcclick.ca via SMTP. Once mail.pcclick.ca has received the email then it can be passed to the local POP3 server so that zxmax can pick the mail off the server with a POP3 client.
If port 25/SMTP is closed on mail.pcclick.ca then my mail server will not be able to make an SMTP connection to his mail server, therefore he won't RECEIVE my mail! It will simply get bounced.
So, to re-cap, yes he picks mail up off his server using POP3, but remember that the mail has to GET to his server first. How does it do that? SMTP!! No SMTP, no email to his server.
Get it?
Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
I've got to agree with Chris, but daniel is also right; I guess it's just a misunderstanding.
Anyway, the good news is I found the problem. I reset all the passwords for the users, and now I'm not having any more relaying. Now I get this in the log:
Thanks all for the help,
Chris: you helped indirectly when you said to try to secure my relays. Well, I think I was OK, but it seems like one of the users somehow gave out his user name and password, and people are using it for spamming.
Marc, I didn't mean to start a new thread. Notice my question was totally different (email related), but it just happened that Chris, the same person, replied on both threads.
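Added example, not part of any post in this thread: the AUTH LOGIN lines in the log posted above are plain base64, so a mail admin can audit the server's own log for accounts that authenticated with a password equal to the username and then hit a relay denial. The function name `audit_auth_login`, the 203.0.113.5 address and the example.* addresses are assumptions; the sample lines are constructed in the log format shown in the thread and reuse its base64 tokens.

```python
import base64
import re

# Constructed sample in the VisNetic log format shown in the thread;
# the IP and mail addresses are placeholders, not values from a real server.
SAMPLE_LOG = """\
203.0.113.5 [00000A01] Sun, 30 Nov 2003 14:42:56 -0500 <<< EHLO host
203.0.113.5 [00000A01] Sun, 30 Nov 2003 14:42:56 -0500 <<< AUTH LOGIN
203.0.113.5 [00000A01] Sun, 30 Nov 2003 14:42:56 -0500 >>> 334 VXNlcm5hbWU6
203.0.113.5 [00000A01] Sun, 30 Nov 2003 14:42:56 -0500 <<< d2VibWFzdGVy
203.0.113.5 [00000A01] Sun, 30 Nov 2003 14:42:56 -0500 >>> 334 UGFzc3dvcmQ6
203.0.113.5 [00000A01] Sun, 30 Nov 2003 14:42:57 -0500 <<< d2VibWFzdGVy
203.0.113.5 [00000A01] Sun, 30 Nov 2003 14:42:57 -0500 >>> 235 2.0.0 Authentication successful
203.0.113.5 [00000A01] Sun, 30 Nov 2003 14:42:58 -0500 <<< RCPT TO:<someone@example.org>
203.0.113.5 [00000A01] Sun, 30 Nov 2003 14:42:58 -0500 >>> 550 5.7.1 <x@example.com> Access not allowed
"""

# client IP, session id, direction (<<< from client, >>> from server), payload
LINE = re.compile(r"^(\S+) \[(\w+)\] .*? [+-]\d{4} (<<<|>>>) (.*)$")

def b64(text):
    """Decode a base64 token; return None if it is not valid base64."""
    try:
        return base64.b64decode(text, validate=True).decode("utf-8", "replace")
    except ValueError:
        return None

def audit_auth_login(log):
    """Return one finding per successful AUTH LOGIN; passwords are never emitted."""
    sessions, findings = {}, []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # Connected/Disconnected and other non-protocol lines
        ip, sid, direction, payload = m.groups()
        s = sessions.setdefault((ip, sid), {"expect": None, "user": None, "pw": None, "hit": None})
        if direction == ">>>" and payload.startswith("334 "):
            prompt = (b64(payload[4:]) or "").lower()  # "Username:" or "Password:"
            s["expect"] = "user" if prompt.startswith("user") else "pw"
        elif direction == "<<<" and s["expect"]:
            s[s["expect"]] = b64(payload)  # password kept only for the comparison
            s["expect"] = None
        elif direction == ">>>" and payload.startswith("235 "):
            s["hit"] = {"ip": ip, "user": s["user"], "relay_denied": False,
                        "password_equals_username": s["user"] is not None and s["user"] == s["pw"]}
            findings.append(s["hit"])
        elif direction == ">>>" and payload.startswith("550 ") and s["hit"]:
            s["hit"]["relay_denied"] = True
    return findings
```

Any account reported with `password_equals_username` set is a candidate for an immediate password reset, which is the fix the original poster ended up applying.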