Several firewalls support separating this (Raptor, Cisco PIX, Gauntlet), but all the spammer/intruder needs to do is use a client that doesn't send telnet options such as the Solaris mconnect command. So the trick of blocking clients that send telnet options doesn't really work. SMTP uses TCP port 25. You can't block 25/tcp without also blocking SMTP, although you can restrict it to SMTP only.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Pascal C. Kocher
Sent: Thu April 25 2002 21:21
To: Chris Lee; [EMAIL PROTECTED]
Subject: RE: blocking telnet to port 25

Hello Chris

> Sayed Peerzade wrote:
>
> > Hello,
> >
> > I'm systems engineer in an ISP handling mail servers, i also handle
> > checkpoint.
> > pls tell me how to block telnet to port 25, keeping normal telnet to
> > perform normally on mail server (netscape messaging server running on
> > solaris OS))
> > u can tell me method to block either in checkpoint or on mail server
> > itself.
> > Thanks and regards.
> >
> > Sayed K.Peerzade.
>
> From: Chris Lee [mailto:[EMAIL PROTECTED]]
>
> If you want mail to through, you can't.
>
> Chris

This is wrong. You are still able to get mail through port 25 and not allowing telnet (at least telnet clients) to connect to the mailserver over this port. Telnet sends options upon connection (like Terminal Type) which a regular SMTP Connection would not send. Based on this you could filter out telnet connections. Although I don't know of any firewall product which supports this.

Best regards,
Pascal.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
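The check discussed in this thread, as an added example that is not part of either message or of any firewall product named above: it scans the first bytes a client sends to port 25 for telnet option negotiation (IAC sequences, RFC 854/855) and shows that a client sending no options looks the same as an ordinary SMTP sender. The function names and the three sample byte strings are constructed for illustration.

```python
# Telnet option negotiation is IAC (0xFF) followed by a command byte.
IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEGOTIATION = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
OPTIONS = {0x01: "ECHO", 0x03: "SUPPRESS-GO-AHEAD",
           0x18: "TERMINAL-TYPE", 0x1F: "NAWS"}

def telnet_options(data: bytes):
    """Return (command, option) pairs negotiated in a client byte stream."""
    found, i = [], 0
    while i < len(data):
        if data[i] != IAC:
            i += 1
            continue
        if i + 1 >= len(data):              # lone trailing IAC, nothing to read
            break
        cmd = data[i + 1]
        if cmd in NEGOTIATION and i + 2 < len(data):
            opt = data[i + 2]
            found.append((NEGOTIATION[cmd], OPTIONS.get(opt, f"option-{opt}")))
            i += 3
        elif cmd == SB:                     # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            i = end + 2
        else:                               # IAC IAC (literal 0xFF) or other command
            i += 2
    return found

def classify(first_bytes: bytes) -> str:
    """Label a connection by whether its opening bytes negotiate telnet options."""
    return "telnet-client" if telnet_options(first_bytes) else "no-telnet-options"

# Constructed samples of the first bytes sent by three kinds of client.
TELNET_CLIENT = b"\xff\xfb\x18\xff\xfb\x1fHELO example.test\r\n"  # sends options
MAIL_SERVER = b"EHLO mail.example.test\r\nMAIL FROM:<a@example.test>\r\n"
RAW_TCP_CLIENT = b"HELO example.test\r\n"   # hand-typed SMTP, no options sent

if __name__ == "__main__":
    for name, sample in [("telnet client", TELNET_CLIENT),
                         ("mail server", MAIL_SERVER),
                         ("raw TCP client", RAW_TCP_CLIENT)]:
        print(f"{name:15} -> {classify(sample)} {telnet_options(sample)}")
```

The raw TCP client and the mail server get the same label, which is why a filter keyed on telnet options cannot tell hand-typed SMTP from legitimate mail delivery.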
