Re: Port 25 connections?


Al wrote:
Joe - thanks, I think those numbers give me comfort that the connections to Port 5 are reasonable as they correspond to our e-mail traffic. I suppose that is the problem with SMTP rather than routing it through a managed service & only accepting connections from that service's IP address?


Yes, but you have more freedom to control SMTP reception than your ISP does. I reject invalid user names, which generally an external email system can't do. I have no choice but to accept mail for one of my domains by POP3 from my ISP, and I get one or two a day for clearly made-up user names. That's 100% of the received spam making it to my inbox, whereas the spam sent directly by SMTP scores about a 0.1% success rate. POP3 collection is not generally too bad, as you usually get a finite number of mailboxes. My ISP does domain-wide POP3, so there are no user name limitations.

I have used this email address for nearly ten years, and it appears on my web site, which mostly explains the high volume. There are other reasons, and there are automated scripts just looking for an open port 25. So even if you never publish the domain name, you may get some connection attempts. There's a lot of chance involved, as I do monitor the failed connections to a router for one of my customers, and they've never seen a port 25 attempt. Their domain is effectively a dummy one, purely for the purpose of having an Internet connection but never used for email, so even when one of their customers gets their address book stolen by malware, their ISP domain will never appear in it.

One of my other domains never appears anywhere public, but one of our correspondents must have had their address book stolen, and that domain got hammered for a few days a couple of weeks ago, with purely made-up user names. It peaked at over 28,000 SMTP connections in one day. I called up the log in real time, and it scrolled up the screen almost as fast as I could read it. Fortunately, the compromised email address didn't seem to get phoned home, and after a few days almost disappeared from the logs. Presumably AV software eventually killed nearly all of the viruses using it, and my bogus connection level is back to normal.
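An added example, not part of the original post: one way to spot a burst of made-up user names like the one described above in an SMTP receive log, by counting per day and domain how many recipients were rejected as unknown. The log line format, the function names and the thresholds are assumptions made for this sketch, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed (hypothetical) log format, one RCPT record per line:
#   <date> <time> <client-ip> RCPT <address> <smtp-reply-code>
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \S+ (?P<ip>\S+) RCPT "
    r"<(?P<local>[^@>]+)@(?P<domain>[^>]+)> (?P<code>\d{3})$"
)

def summarize(lines):
    """Per (day, domain): RCPT attempts, 550 rejections, distinct rejected names."""
    stats = defaultdict(lambda: {"total": 0, "rejected": 0, "unknown_users": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a well-formed RCPT record
        s = stats[(m["day"], m["domain"].lower())]
        s["total"] += 1
        if m["code"] == "550":  # 550: mailbox unavailable, i.e. invalid user rejected
            s["rejected"] += 1
            s["unknown_users"].add(m["local"].lower())
    return stats

def flag_bursts(stats, min_unknown=3, min_reject_ratio=0.8):
    """Flag (day, domain) pairs where many distinct names were tried and most failed."""
    flagged = []
    for key, s in sorted(stats.items()):
        ratio = s["rejected"] / s["total"]
        if len(s["unknown_users"]) >= min_unknown and ratio >= min_reject_ratio:
            flagged.append(key)
    return flagged

# Constructed sample log (documentation addresses and domains only).
SAMPLE_LOG = """\
2024-01-10 09:14:02 192.0.2.10 RCPT <joe@example.org> 250
2024-01-10 11:40:31 198.51.100.7 RCPT <sales1@example.org> 550
2024-01-11 02:00:01 198.51.100.20 RCPT <aaron@example.net> 550
2024-01-11 02:00:01 198.51.100.21 RCPT <abby@example.net> 550
2024-01-11 02:00:02 198.51.100.22 RCPT <adam@example.net> 550
2024-01-11 02:00:02 198.51.100.23 RCPT <alice@example.net> 550
2024-01-11 08:30:00 192.0.2.10 RCPT <info@example.net> 250
this line is not a RCPT record
"""

if __name__ == "__main__":
    for day, domain in flag_bursts(summarize(SAMPLE_LOG.splitlines())):
        print(f"{day}: unknown-recipient burst against {domain}")
```
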