The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Checking for port 25 usage

Discussion in 'General Discussion' started by bluerayconcepts, Jul 25, 2013.

  1. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    How would i go about checking for active usage of port 25. I am wanting to move forward with disabling it completely and I know the majority of customer are using smtp auth 587 but I wanna make sure there is no one left with some rogue mail setup still using port 25.

    I can use - netstat -n -A inet to see active connection at the moment but its only at that moment. Is there a way to log active connections to a file so I can scrub it later and see if there is anyone using it.
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    You can not disable port 25. Mail servers sending to your server connect to port 25.
     
  3. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    Then how do ISP's get away with blocking port 25. That makes no sense.

    I work for an ISP as my day job and we do not allow anything on Port 25.
     
  4. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    If the ISP does not allow anything on port 25 then they are not able to receive emails from other servers.

    ISP's block outgoing connections on port 25, except when the connection is made to their mail server (that's how it works with every ISP here in Finland), or they can force their customers to use another port.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,668
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Yes, you should leave port 25 open so that other mail servers can connect to your server. However, you can modify the following option under the "Security" tab in "WHM Home » Service Configuration » Exim Configuration Manager":

    "Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server."

    Per it's description, enabling this option will significantly improve the security of the server by preventing the plaintext transmission of authentication credentials.

    Thank you.
     
  6. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    They block port 25 for their end user customers. I think you may be confused between an ISP blocking port 25 for its end users to send mail, and how servers send mail to other servers.

    The ISP still sends mail to other servers on port 25. Port 25 is the Internet SMTP port. If you disable it, you will break mail for your server.

    Mail servers always use port 25 to send mail to other servers. That is the Internet standard, and there are no alternate ports. If you block port 25, mail servers that are trying to send mail to your server will only see that port 25 is blocked, and they will not automatically try port 587, because that is not what port 587 is for. Your server will simply not receive any mail because the sending servers will see only that port 25 is blocked, and give up.

    Port 587 is the mail submission port, not the port that mail servers use to talk to each other. It is the port to which a mail client (Outlook, Thunderbird) connects on a server. However, once the server gets the message to be sent from a client, it contacts the remote mail server at the message's destination on port 25, every time.

    Blocking port 25 will certainly prevent your customers from sending mail on it, but it will also block all other servers on the Internet from sending mail to your server, effectively breaking mail.
     
    MaraBlue likes this.
  7. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    Ok thats what im getting at. Not blocking it totally but rather not to allow outgoing connections to it.

    So back to my original question:
    Is there a way to see log port usage connections so I can see if there is anyone using port 25 for outgoing connections?
     
  8. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    You don't need to check anything, you can block outgoing connections on port 25, except for root, exim and mailman.
    If you use CSF you set:

    Code:
    SMTP_BLOCK = 1
    
     
  9. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    I want to check so that if there are any customers using port 25 I can premptively call them to get them to change to 587. This way I don't get alot of calls from ticked off customers that they can't send.

    I know about CSF I have been using for the last 4 years.

    I want to check.
     
  10. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    Actually. Looking at CSF Logs it shows ip and port info. Looking in /log/messages may work or maybe it won't.
     
  11. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    I don't quite understand... where should they do that change?
     
  12. Tom Risager

    Tom Risager Well-Known Member

    Joined:
    Jul 10, 2012
    Messages:
    107
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Copenhagen, Denmark, Denmark
    cPanel Access Level:
    Root Administrator
    iptables could do it for you: linux - How to log the ip addresses trying to connect to a port? - Server Fault

    I'm not sure I understand why you want to call them and make them change to 587, though. Usually you would provide an alternative port to allow them to connect to the SMTP server even if their ISP is blocking port 25. If port 25 works for them then there is no issue. And like others have pointed out, you cannot really block port 25 and have a working email service.
     
  13. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    I am not sure why my question was not understood.

    Basically I do not want anyone on my server using port 25 for outgoing. I want them all using 587. So I want to see if anyone on the server is using port 25 to send email. If there are then I can figure out who it is and I can contact them and get them moved over to 587 with smtp auth.

    Not sure why that has been so hard to understand. Rather than just disabling outgoing port 25, yes i understand that incoming port 25 must stay open for other servers to connect, and then having customers cal pissed off because they can't send.

    Essentially, I do not want to allow port 25 for outgoing mail connections. Not sure why thats hard to understand.
     
  14. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    It is not hard to understand.
    But you don't seem to understand that emails sent out from your server are always sent on port 25.
     
  15. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    No I get that. I apologize if I didn't make that clear.
    I understand or at least I believe I do, that correct me if I am wrong, Server to server mail uses port 25 to send.

    I don't want my customers connecting to our server using port 25 to send mail. I want them all using 587.
     
  16. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
  17. bluerayconcepts

    bluerayconcepts Active Member

    Joined:
    Mar 24, 2013
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Yuba City, CA
    cPanel Access Level:
    Root Administrator
    So I have been watching logs and trying to catch some glimpse of something maybe I missed due to continually being blocked by hotmail and Brightmail.

    Something I keep seeing is the following:
    2013-07-28 09:08:58 [10237] SMTP connection from [186.176.119.38]:58183 I=[162.209.14.192]:25 (TCP/IP connection count = 1)
    2013-07-28 09:08:58 [11675] no host name found for IP address 186.176.119.38
    2013-07-28 09:08:58 [11675] list matching forced to fail: failed to find host name for 186.176.119.38
    2013-07-28 09:08:58 [11675] list matching forced to fail: failed to find host name for 186.176.119.38

    I am presuming this is someone trying to connect to port 25 trying to send email but failing.
     
  18. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,668
    Likes Received:
    646
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    That is a SMTP connection to your server on port 25. It fails because there is no reverse DNS entry for that IP address pointing to a host name.

    Thank you.
     
Loading...

Share This Page