Re: Will deny-ing SMTP inbound on port 25 kill exchange outbound on port 25?



Hollis Paul wrote:
In article <enKUw5a8IHA.5052@xxxxxxxxxxxxxxxxxxxx>, Joe wrote:
You're obviously aware that incoming and outgoing events are mixed in these files (how hard would separate files have been?) and most analysers make their separation a significant sales point. Grouping all the events of a session also makes life a lot easier.

That does raise a question for me--how are the incoming responses being made? If I have a "deny incoming on port 25" rule in place, how are incoming events happening?


Incoming *responses* to *outgoing* SMTP messages will arrive on whatever source port Exchange has been allocated for that particular session, which will be above about 1030 (1024 and the next few are usually allocated to fixed network processes at boot-up). Port 25, like nearly all the sub-1024 'well-known' ports, is used as a destination only, never as a source. Very few TCP or UDP protocols use the same port number at both ends, UDP/123, the time service, being one which does. Many protocols, including SMTP, permit multiple connections to one destination port from one remote IP address, so cannot use a single source port.

Firewalls in general use 'Stateful Packet Inspection', which means they keep track of the source and destination ports used in a permitted outgoing transaction, and accept incoming replies to the same source port, from the same destination port. If you're using ISA, then you've explicitly allowed outbound connections *to* port 25 of remote SMTP servers, but also implicitly allowed connections *from* that remote port 25 to whatever source port initiated the session. That's why protocols like FTP sometimes have problems, because they can't stick to this simple one-in-one-out plan, and if the FTP server isn't 'integrated' with the firewall, the latter doesn't know what to allow back in.
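The reply above describes the mechanism in words: the client side of an SMTP session uses a fresh ephemeral source port, the remote server answers from port 25 back to that port, and a stateful firewall admits only those replies while dropping unsolicited inbound traffic to port 25. The following toy connection tracker is an added illustration of that behaviour, not code from the post or from ISA Server; the addresses, the starting ephemeral port of 1030 (taken from the post's rough figure) and the packet tuples are constructed for the example.

```python
"""Toy stateful packet filter illustrating the behaviour described in the post.

Policy: allow outbound TCP to port 25, deny everything inbound unless it is a
reply belonging to a tracked outbound session. All values are constructed.
"""
from dataclasses import dataclass

EPHEMERAL_START = 1030  # post's rough first dynamic port; real stacks vary (assumption)


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" or "in", relative to the protected network
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str = ""  # TCP flags as letters, e.g. "S" (SYN), "SA" (SYN/ACK), "A" (ACK)


class StatefulFilter:
    """Allow outbound connections to permitted ports and the replies they elicit."""

    def __init__(self, allowed_outbound_ports):
        self.allowed_outbound_ports = set(allowed_outbound_ports)
        self.sessions = set()          # 5-tuples of permitted outbound sessions
        self.next_port = EPHEMERAL_START

    def allocate_source_port(self):
        """Hand out a distinct ephemeral port per session, as the client's TCP stack does."""
        port = self.next_port
        self.next_port += 1
        return port

    def decide(self, pkt):
        outbound_key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if pkt.direction == "out":
            if pkt.dst_port in self.allowed_outbound_ports:
                self.sessions.add(outbound_key)   # remember it so replies can come back
                return "ALLOW"
            return "DENY"
        # Inbound: flip the tuple so the packet is matched against the session it answers.
        reply_key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_key in self.sessions and "A" in pkt.flags:
            return "ALLOW"   # reply from remote port 25 to the session's ephemeral port
        return "DENY"        # unsolicited inbound, e.g. a new SYN to our port 25


def run_demo():
    """Walk one outbound SMTP session and three inbound packets; return the decisions."""
    fw = StatefulFilter(allowed_outbound_ports={25})
    sport = fw.allocate_source_port()   # 1030 in this example
    sport2 = fw.allocate_source_port()  # a second session to the same server gets 1031
    exchange, remote, stranger = "10.0.0.5", "203.0.113.10", "198.51.100.7"  # constructed

    decisions = {
        "out_syn": fw.decide(Packet("out", "tcp", exchange, sport, remote, 25, "S")),
        "out_syn_2": fw.decide(Packet("out", "tcp", exchange, sport2, remote, 25, "S")),
        # The server's SYN/ACK comes *from* port 25 *to* the ephemeral port: allowed.
        "in_synack": fw.decide(Packet("in", "tcp", remote, 25, exchange, sport, "SA")),
        # Another host opening a fresh connection to our port 25: no session, denied.
        "in_new_smtp": fw.decide(Packet("in", "tcp", stranger, 40000, exchange, 25, "S")),
        # Same remote server, but aimed at a port no session used: denied.
        "in_wrong_port": fw.decide(Packet("in", "tcp", remote, 25, exchange, 2000, "SA")),
        # Right tuple but a bare SYN rather than a reply: denied by the flag check.
        "in_syn_on_tuple": fw.decide(Packet("in", "tcp", remote, 25, exchange, sport, "S")),
    }
    return sport, sport2, decisions


if __name__ == "__main__":
    for name, verdict in run_demo()[2].items():
        print(f"{name:16} {verdict}")
```

The flag check on inbound packets is the part the post leaves implicit: matching the 5-tuple alone would let a remote host that knows the tuple inject a new SYN, so a real stateful engine also checks that the packet is consistent with the connection's state. FTP's data channel fails this model because the server opens a connection that no tracked outbound tuple predicts, which is the problem the post mentions.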