ConfigServer Community Forum

Hello


I am getting many email notifications of smtpauth failures, eg:

Failures: 2 (smtpauth)
Interval: 300 seconds
Blocked: Permanent Block

Log entries:

2015-06-19 00:25:38 fixed_plain authenticator failed for (Admin-PC) [27.2.xxx.xxx]:52144: 535 Incorrect authentication data (set_id=somename)
2015-06-19 00:25:39 fixed_login authenticator failed for (Admin-PC) [27.2.xxx.xxx]:52144: 535 Incorrect authentication data (set_id=somename)


My server is set so that users can use web email, however it's run via a 3rd party (everyone dot net) and the mx/cname records on my server are set to them.
My server does send outgoing emails via scripts.

Therefore am I correct to assume no user needs to authenticate to my server for email and by that logic, port 25 in TCP_IN could be removed?
Further, I assume SMTPAUTH_RESTRICT needs no setting as removing port 25 from TCP_IN is all that is required in my situation?

In my circumstances, is it really that simple or am I missing something?

I'm not sure that port 25 can be removed, as port 25 is used by email servers talking to each other.
If you closed port 25, then there would be no server to server communication and all email traffic would fail.

There is a setting in CSF to limit which services can connect to port 25 though.
Block outgoing smtp except for root, exim and mailman

Hmmm... my logic is that having the mx/cname point off to a 3rd party webmail provider means genuine email users don't need access to port 25 on my server (mx/cname should direct genuine users to the other email provider BEFORE they hit port 25 on my server), therefore port 25 (removed from TCP_IN) doesn't need to be there to allow bots to try to hack in and waste auth resources. Outgoing emails from scripts should be unaffected. In any case, I have removed 25 from TCP_IN and so far, I have seen no adverse affects and no entries in the csf.dny file since.