[SOLVED] recommendations for closing port 25

Discussion in 'ISPConfig 3 Priority Support' started by Tomislav Aurednik, Sep 8, 2016.

  1. How and where is the corect way to close smtp port 25. We have a cert and want only use port 587. Sholud we close it on the router the firewall in ISPConfig or comment it out from master.cf?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I would close it in the earliest point that you control, so if the server is behind a router, then the router would be that point. If no router is used, then close it in the firewall of the server.
     
    Tomislav Aurednik likes this.
  3. Thanks! I closed it on the router.
     
  4. I know this is an old topic, but I didn't have time to reply and trying to fix the problem.
    When I close port 25 for my mail server (router or firewall), I do not get incoming e-mail from outside the server. I can send and recieve mail only for my email domains.

    Any clue what can be the problem? Mail server is configured for STARTLS so it uses port 587 for SMTP instead of 25.

    my master.cf
     
  5. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Hello,
    mail servers always communicate via port 25, so closing the server's port 25 is quite a bad Idea (no mails going out or coming in then).
     
    Tomislav Aurednik likes this.
  6. So how do some close port 25 for preventing of SPAM?
    We're are using TLS so we use port 587, so port 25 is not used. That's why we want to close it. But when we close it we can't recive mail.
     
    Last edited: Nov 3, 2016
  7. florian030

    florian030 Well-Known Member HowtoForge Supporter

    you can install some rbls.
     
  8. can you explain a bit what do you mean by installing rbls? I only found that you meant a Real-time Blackhole List or Blacklist. But doesnt ISPConfig have a blacklist option in spamfilter?
     
  9. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Yes, port 25 is needed. Servers only communicate on that port.
    RBL is in ISPConfig Interface but you have to insert your preferred rbl servers there to enable those lists.
     
    Tomislav Aurednik likes this.
  10. Ok... then I have bad info about blocking port 25.
    I found that I can add the rbl in postfix main.cf
    Code:
    smtpd_client_restrictions = reject_rbl_client zen.spamhaus.org,
            reject_rbl_client bl.spamcop.net,
            reject_rbl_client dnsbl.sorbs.net,
            check_client_access mysql:/etc/postfix/mysql-virtual_client.cf,
            reject_unknown_client
    But I've found a post where Till writes that it should not be done manually but to use the "rbl field in ispconfig". https://www.howtoforge.com/community/threads/new-ispconfig-install.67697/#post-322173

    I can't find this RBL field in ISPConfig and nothing for adding rbls in the manual. The only thing is in the Email ->Global Filters -> Postfix Blacklist. Is that it? So I should add the rbl zen.spamhaus.org into "Blacklist address" and select Client in "Type"?
     
  11. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Nooooo :)
    It is in System -> server config -> select server -> mail tab.
     
    Tomislav Aurednik likes this.
  12. Thanks a lot! Would not have looked there.
     

Share This Page