
Disable Telnet through port 25


Andy David [MVP]

Nov 21, 2002, 6:58:05 PM
You don't. Otherwise you won't get any mail.
If you have an open relay you need to close it:
http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696


"matt" <oktober...@hotmail.com> wrote in message
news:efed01c291b5$f1e9ba90$8df82ecf@TK2MSFTNGXA02...
> We have an Exchange 5.5 server that is primarily used as
> our SMTP gateway. We have port 25 available for the SMTP
> transfer. However anyone can telnet to the server using
> port 25 instead of 23 and then spoof e-mail messages and
> successfully send them. How do you disable this in Xchange
> 5.5 without rendering the mail SMTP useless? Thanks for
> any help.
>
> **and we already have the Telnet service disabled...
>
> m


Eric Cooper

Nov 21, 2002, 6:56:07 PM

You can't. SMTP is a plain-text protocol. When you telnet to port 25, all
you're REALLY doing is opening a connection to SMTP and passing ASCII text
commands and data. This is exactly the same thing that Internet SMTP hosts
are doing (in a nutshell). So long as your IMC is locked down to prevent
relay, this doesn't represent a threat. There is no difference between me
using telnet or Outlook Express or any other SMTP client. IMC will allow or
deny whatever IP addresses you specify to either 1) relay mail or 2) deliver
mail to your inbound domains.

In short, don't worry about this.

Eric
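
The rule Eric describes, as an added example that is not part of his post and is not Exchange's own code: a simplified Python model of an SMTP listener's envelope handling, where relay is decided by client IP or authentication and by recipient domain, never by which program typed the commands. The domain, address range and sample sessions are constructed placeholders.

```python
import ipaddress

# Constructed policy values (assumptions, not taken from the thread).
INBOUND_DOMAINS = {"example.com"}                           # domains we accept mail for
RELAY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]     # hosts allowed to relay

def may_relay(client_ip, authenticated):
    """Relay is permitted only for authenticated clients or listed networks."""
    ip = ipaddress.ip_address(client_ip)
    return authenticated or any(ip in net for net in RELAY_NETWORKS)

def handle_session(client_ip, lines, authenticated=False):
    """Return the SMTP reply code for each plain-text command in one session."""
    replies, accepted = [], 0
    for line in lines:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            replies.append(250)
        elif verb == "MAIL":
            # The sender address is client-supplied text and plays no part
            # in the relay decision below.
            replies.append(250)
        elif verb == "RCPT":
            addr = arg.partition(":")[2].strip().strip("<>")
            domain = addr.rpartition("@")[2].lower()
            if domain in INBOUND_DOMAINS or may_relay(client_ip, authenticated):
                accepted += 1
                replies.append(250)
            else:
                replies.append(550)          # relaying denied
        elif verb == "DATA":
            # No accepted recipient means no message body is ever taken.
            replies.append(354 if accepted else 554)
        elif verb == "QUIT":
            replies.append(221)
        else:
            replies.append(500)
    return replies

# Constructed sessions: the same text whether sent by telnet or a mail client.
INBOUND = ["HELO host", "MAIL FROM:<a@example.org>", "RCPT TO:<staff@example.com>", "DATA"]
RELAY = ["HELO host", "MAIL FROM:<a@example.org>", "RCPT TO:<user@example.net>", "DATA"]

if __name__ == "__main__":
    print(handle_session("203.0.113.9", INBOUND))   # outside host, local recipient
    print(handle_session("203.0.113.9", RELAY))     # outside host, relay attempt
    print(handle_session("192.0.2.10", RELAY))      # listed network, relay allowed
```
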


Pip

Nov 21, 2002, 7:03:44 PM
Port 25 is the SMTP service which must be accessed if you want mail from the
Internet.
Telnet is just the application used to test connectivity to the SMTP
service.

To turn off open relay you may additionally research at
http://support.microsoft.com and search for "open relay"

In the Exchange Administrator > Go to the IMS connection property and >
Routing > routing restrictions.
If you have only one Exchange server that receives and sends Internet mail
then check the boxes next to

- Hosts and Clients that can successfully authenticate
- Hosts and Clients with these IP addresses
- Hosts and Clients connecting to these internal addresses

No further action on Server is required.
On clients that send SMTP mail from home they must now check "server
requires authentication" in their Accounts properties.



Pip

Nov 21, 2002, 7:11:49 PM

"Pip" <nn...@somewhere.com> wrote in message
news:#cZugqbkCHA.716@tkmsftngp11...

> Port 25 is the SMTP service which must be accessed if you want mail from
> the Internet.
> Telnet is just the application used to test connectivity to the SMTP
> service.
>
> To turn off open relay you may additionally research at
> http://support.microsoft.com and search for "open relay"
>
> In the Exchange Administrator > Go to the IMS connection property and >
> Routing > routing restrictions.
> If you have only one Exchange server that receives and sends Internet mail
> then check the boxes next to
>
> - Hosts and Clients that can successfully authenticate
> - Hosts and Clients with these IP addresses
> - Hosts and Clients connecting to these internal addresses
>
> No further action on Server is required.

Ha! Need to restart the IMS Service in Control Panel. But Exchange does
tell you this.

Martin Blackstone [MVP - Exchange]

Nov 22, 2002, 11:33:18 AM
An SMTP connection is essentially a Telnet connection. You can't have one
without the other in this case.