--On Monday, September 02, 2019 3:23 PM -0500 Mike <[email protected]> wrote:
Is there a way to allow incoming SMTP mail traffic but block attempts to use SMTP AUTH (obviously as a way to probe or brute force logins)? Are these separate ports or the same? (i.e. if I block port 25, do I stop dovecot login attempts but also block any inbound mail? Or are there separate ports in place?)
A mail server is actually two servers: Sendmail or Postfix accept mail from other mail servers on port 25, the Mail Transfer Agent (MTA) port. Anyone can submit mail there without authentication. They can also accept mail via a login on port 587, the mail submission port, and that's what you use for your users. Port 25 can accept logins but it's easier to administer if you disable logins on port 25, making it the "outsider's" mail port.
The second server, Dovecot, provides your users access to their mailboxes through POP3 and IMAP. IMAP uses port 143. Normally you should use STARTTLS to allow users to connect in plaintext and then promote the connection to encrypted. Dovecot can use some other ports (993 for IMAP) to start the connection in encrypted mode on connection but that's old school and STARTTLS is now the preferred setup. I don't use POP3 so I've forgotten the ports it uses. Look at /etc/services for port numbers. POP3 is a simple single-mailbox system while IMAP provides folders and filters. I keep my mail on the server and access it from several clients so IMAP is the logical choice.
I have ipset blocklists set up in firewalld (iptables) to block access to my authenticated ports (143 and 587) to block nuisance login attacks from foreign soil. fail2ban takes care of the remaining attacks. Port 25 remains open to receive mail from anywhere.
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
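A way to confirm the split the reply describes (no logins on port 25, logins only on the submission port) is to EHLO each listener and see whether the AUTH extension is advertised. The script below is an added example, not code from the thread; the hostname is a placeholder you pass on the command line, and the two EHLO replies embedded in it are constructed samples so the parsing and policy check run offline.

```python
"""Check which SMTP listeners advertise AUTH (added example, not from the thread)."""
import smtplib
import ssl
import sys

# Constructed EHLO reply bodies, in the shape smtplib.SMTP.ehlo() returns them:
# first line is the server's hostname, then one extension per line, "\n"-joined.
MTA_PORT25_EHLO = (
    b"mail.example.invalid\nPIPELINING\nSIZE 10240000\nSTARTTLS\n"
    b"ENHANCEDSTATUSCODES\n8BITMIME"
)
SUBMISSION_587_EHLO = (
    b"mail.example.invalid\nPIPELINING\nSTARTTLS\nAUTH PLAIN LOGIN\n"
    b"ENHANCEDSTATUSCODES\n8BITMIME"
)


def parse_ehlo(payload: bytes) -> dict:
    """Turn an EHLO reply body into {EXTENSION: parameters}."""
    lines = payload.decode("ascii", "replace").splitlines()
    exts = {}
    for line in lines[1:]:  # skip the hostname line
        parts = line.strip().split(None, 1)
        if not parts:
            continue
        exts[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return exts


def auth_mechanisms(payload: bytes) -> list:
    """SASL mechanisms offered by the listener, e.g. ['PLAIN', 'LOGIN']; [] if none."""
    return parse_ehlo(payload).get("AUTH", "").split()


def listener_policy_ok(port: int, payload: bytes) -> bool:
    """Policy from the thread: the MTA port (25) must not offer AUTH at all;
    the submission port (587) must offer it."""
    offers_auth = bool(auth_mechanisms(payload))
    return (not offers_auth) if port == 25 else offers_auth


def probe(host: str, port: int, timeout: float = 10.0) -> bytes:
    """Live check of one listener. If STARTTLS is offered the session is upgraded and
    EHLO is repeated, because a sensibly configured server only advertises AUTH after
    encryption, so the post-STARTTLS reply is the one that tells you whether logins
    are accepted there."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if smtp.has_extn("starttls"):
            smtp.starttls(context=ssl.create_default_context())
        _code, payload = smtp.ehlo()
        return payload


if __name__ == "__main__":
    # Usage: python check_auth.py mail.example.invalid   (no argument: use the samples)
    host = sys.argv[1] if len(sys.argv) > 1 else None
    for port, sample in ((25, MTA_PORT25_EHLO), (587, SUBMISSION_587_EHLO)):
        payload = probe(host, port) if host else sample
        verdict = "OK" if listener_policy_ok(port, payload) else "REVIEW"
        print(f"port {port}: AUTH {auth_mechanisms(payload) or 'not offered'} -> {verdict}")
```

Run it against your own server after changing the Postfix or Sendmail configuration; a "REVIEW" on port 25 means the listener still accepts logins, which is the probing and brute-force surface the original question was about.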
