[Mimedefang] Security note: Open port 25 on internal mail servers

David F. Skoll dfs at roaringpenguin.com
Wed Feb 4 17:36:15 EST 2004


Hi,

This is a note I sent to all our CanIt customers; I think it bears
repeating for MIMEDefang users.

Edited to replace "CanIt" with "MIMEDefang" :-)

Regards,

David.

-----------------------------------------------------------------------
Hello,

Recently, we've been seeing instances of viruses propagating into
internal mail servers, completely bypassing the MIMEDefang relay.  The
problem has nothing to do with MIMEDefang; rather, it's a symptom of
lax network security.

If you are using MIMEDefang as a filtering machine and then relaying
to your real mail server, you should follow these precautions:

1) Do not publish any MX records pointing to your internal mail
server.  All published MX records should eventually relay through the
MIMEDefang machine.

2) If you have an A record for your domain (example:
roaringpenguin.com has an A record of 209.195.84.23), make sure that
the machine with that address either isn't running a mail server or
will eventually relay through the MIMEDefang machine.  We've seen
instances of spammers trying A records for domains.

3) Even if you don't have MX or A records pointing to internal mail
servers, you should firewall off port 25 on internal mail servers from
the outside world.  We've seen instances of the MyDoom virus bypassing
the MIMEDefang machine by port-scanning for something listening on
port 25.

The basic guiding principle: Do not permit any path for Internet
e-mail to bypass your MIMEDefang machine.

Regards,

David.
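
Added example, not part of the original message or of MIMEDefang: a small Python audit that checks the three precautions above against your own DNS data and reports every route by which mail could skip the filtering relay. The function names, the `filter_ips` allow-list and the sample addresses are assumptions made for illustration; run the real probe from a host outside your firewall.

```python
import socket

def smtp_open(ip, port=25, timeout=3.0):
    """Return the greeting ("" if none arrived) when ip:port accepts TCP, else None."""
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError:
        return None                      # refused, filtered or unreachable
    with sock:
        try:
            return sock.recv(512).decode("ascii", "replace").strip()
        except OSError:
            return ""                    # connected, but no banner in time

def find_bypass_paths(mx_ips, a_ips, internal_ips, filter_ips, probe=smtp_open):
    """List (ip, reason) for every route that lets mail skip the filter.

    filter_ips: hosts known to relay through the MIMEDefang machine (assumed
    to be maintained by the administrator). Run from outside the firewall.
    """
    findings = []
    for ip in mx_ips:                    # precaution 1: published MX records
        if ip not in filter_ips:
            findings.append((ip, "MX target does not relay through the filter"))
    for ip in a_ips:                     # precaution 2: the domain's A record
        if ip not in filter_ips and probe(ip) is not None:
            findings.append((ip, "A-record host accepts SMTP directly"))
    for ip in internal_ips:              # precaution 3: port 25 firewalled off
        if probe(ip) is not None:
            findings.append((ip, "internal server reachable on port 25"))
    return findings

if __name__ == "__main__":
    # Constructed sample data (RFC 5737 documentation addresses), not real hosts.
    # The dict stands in for the network probe so the demo runs offline.
    listening = {"192.0.2.10": "220 filter ESMTP", "192.0.2.25": "220 inside ESMTP"}
    for ip, reason in find_bypass_paths(
            mx_ips=["192.0.2.10", "192.0.2.25"], a_ips=["192.0.2.80"],
            internal_ips=["192.0.2.25"], filter_ips={"192.0.2.10"},
            probe=listening.get):
        print(ip, reason)
```

An empty result means none of the supplied addresses offers a path around the relay; it says nothing about hosts you did not list.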


