bluerayconcepts

Active Member
Mar 24, 2013
32
0
6
Yuba City, CA
cPanel Access Level
Root Administrator
How would i go about checking for active usage of port 25. I am wanting to move forward with disabling it completely and I know the majority of customer are using smtp auth 587 but I wanna make sure there is no one left with some rogue mail setup still using port 25.

I can use - netstat -n -A inet to see active connection at the moment but its only at that moment. Is there a way to log active connections to a file so I can scrub it later and see if there is anyone using it.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,072
32
178
Finland
cPanel Access Level
Root Administrator
Then how do ISP's get away with blocking port 25. That makes no sense.

I work for an ISP as my day job and we do not allow anything on Port 25.
If the ISP does not allow anything on port 25 then they are not able to receive emails from other servers.

ISP's block outgoing connections on port 25, except when the connection is made to their mail server (that's how it works with every ISP here in Finland), or they can force their customers to use another port.
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,234
363
cPanel Access Level
DataCenter Provider
Twitter
Hello :)

Yes, you should leave port 25 open so that other mail servers can connect to your server. However, you can modify the following option under the "Security" tab in "WHM Home » Service Configuration » Exim Configuration Manager":

"Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server."

Per it's description, enabling this option will significantly improve the security of the server by preventing the plaintext transmission of authentication credentials.

Thank you.
 

JaredR.

Well-Known Member
Feb 25, 2010
1,834
23
143
Houston, TX
cPanel Access Level
Root Administrator
Then how do ISP's get away with blocking port 25. That makes no sense.

I work for an ISP as my day job and we do not allow anything on Port 25.
They block port 25 for their end user customers. I think you may be confused between an ISP blocking port 25 for its end users to send mail, and how servers send mail to other servers.

The ISP still sends mail to other servers on port 25. Port 25 is the Internet SMTP port. If you disable it, you will break mail for your server.

Mail servers always use port 25 to send mail to other servers. That is the Internet standard, and there are no alternate ports. If you block port 25, mail servers that are trying to send mail to your server will only see that port 25 is blocked, and they will not automatically try port 587, because that is not what port 587 is for. Your server will simply not receive any mail because the sending servers will see only that port 25 is blocked, and give up.

Port 587 is the mail submission port, not the port that mail servers use to talk to each other. It is the port to which a mail client (Outlook, Thunderbird) connects on a server. However, once the server gets the message to be sent from a client, it contacts the remote mail server at the message's destination on port 25, every time.

Blocking port 25 will certainly prevent your customers from sending mail on it, but it will also block all other servers on the Internet from sending mail to your server, effectively breaking mail.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,072
32
178
Finland
cPanel Access Level
Root Administrator
Ok thats what im getting at. Not blocking it totally but rather not to allow outgoing connections to it.

So back to my original question:
Is there a way to see log port usage connections so I can see if there is anyone using port 25 for outgoing connections?
You don't need to check anything, you can block outgoing connections on port 25, except for root, exim and mailman.
If you use CSF you set:

Code:
SMTP_BLOCK = 1
Block outgoing SMTP except for root, exim and mailman (forces scripts/users to use the exim/sendmail binary instead of sockets access)
 

bluerayconcepts

Active Member
Mar 24, 2013
32
0
6
Yuba City, CA
cPanel Access Level
Root Administrator
I want to check so that if there are any customers using port 25 I can premptively call them to get them to change to 587. This way I don't get alot of calls from ticked off customers that they can't send.

I know about CSF I have been using for the last 4 years.

I want to check.
 

Tom Risager

Well-Known Member
Jul 10, 2012
116
5
18
Copenhagen, Denmark
cPanel Access Level
Root Administrator
iptables could do it for you: linux - How to log the ip addresses trying to connect to a port? - Server Fault

I'm not sure I understand why you want to call them and make them change to 587, though. Usually you would provide an alternative port to allow them to connect to the SMTP server even if their ISP is blocking port 25. If port 25 works for them then there is no issue. And like others have pointed out, you cannot really block port 25 and have a working email service.
 

bluerayconcepts

Active Member
Mar 24, 2013
32
0
6
Yuba City, CA
cPanel Access Level
Root Administrator
I am not sure why my question was not understood.

Basically I do not want anyone on my server using port 25 for outgoing. I want them all using 587. So I want to see if anyone on the server is using port 25 to send email. If there are then I can figure out who it is and I can contact them and get them moved over to 587 with smtp auth.

Not sure why that has been so hard to understand. Rather than just disabling outgoing port 25, yes i understand that incoming port 25 must stay open for other servers to connect, and then having customers cal pissed off because they can't send.

Essentially, I do not want to allow port 25 for outgoing mail connections. Not sure why thats hard to understand.
 

bluerayconcepts

Active Member
Mar 24, 2013
32
0
6
Yuba City, CA
cPanel Access Level
Root Administrator
No I get that. I apologize if I didn't make that clear.
I understand or at least I believe I do, that correct me if I am wrong, Server to server mail uses port 25 to send.

I don't want my customers connecting to our server using port 25 to send mail. I want them all using 587.
 

bluerayconcepts

Active Member
Mar 24, 2013
32
0
6
Yuba City, CA
cPanel Access Level
Root Administrator
So I have been watching logs and trying to catch some glimpse of something maybe I missed due to continually being blocked by hotmail and Brightmail.

Something I keep seeing is the following:
2013-07-28 09:08:58 [10237] SMTP connection from [186.176.119.38]:58183 I=[162.209.14.192]:25 (TCP/IP connection count = 1)
2013-07-28 09:08:58 [11675] no host name found for IP address 186.176.119.38
2013-07-28 09:08:58 [11675] list matching forced to fail: failed to find host name for 186.176.119.38
2013-07-28 09:08:58 [11675] list matching forced to fail: failed to find host name for 186.176.119.38

I am presuming this is someone trying to connect to port 25 trying to send email but failing.