1

How can we restrict SMTP service to be used on localhost only?

Our websites are using localhost SMTP but we do not want any mail clients to use our server on SMTP port.

Our server is Windows Server 2008 R2 and using Mail Enabled Professional Edition V1.

Thanks.

Jonas T
  • Jonas, please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. For more information see [How do I ask a good question](http://serverfault.com/help/how-to-ask). -- are you just wanting to prevent incoming email to the server but still allow outbound? Or are you trying to prevent it from being an open relay? – TheCleaner Feb 13 '14 at 22:44
  • It has been simplified. – Jonas T Feb 13 '14 at 23:01
  • Why not just use the Windows firewall to only allow localhost (or server ip) to use smtp port 25 ? – krisFR Feb 13 '14 at 23:37
  • Good point. I just checked the Windows firewall. Someone from the hosting facility must have turned it off. WTF. I have turned it back on, left a message not to turn it off again, and will see what happens over the weekend. – Jonas T Feb 13 '14 at 23:40

1 Answer

1

My advice, especially for SMTP, is to protect yourself with as many layers of security as possible, especially if you have other people with admin access to the server, turning things like firewalls on and off... Here's how I'd do it:

  1. Firewall - make sure only 127.0.0.1 gets to talk to port 25 on your server. Reject all other connections.
  2. Set up the SMTP service to only listen for connections on 127.0.0.1. By default it's configured to listen on 0.0.0.0, which means any IP, including the public one. Even if the firewall fails or gets disabled, external clients won't be able to talk to the SMTP service on your server, because it will be "deaf" to them.
  3. Set up a relay restriction allowing only local clients (i.e. 127.0.0.1) to relay mail through the server. Even if somehow the above 2 measures fail, external clients will only be allowed to send mail to the server's local domain. Attempts by external clients to send mail (relay access) to external domains will be denied by the SMTP server.

Here's a guide on how to actually do steps 2 and 3. #2 above is shown in step 12 of the guide, and #3 above is shown in steps 13 and 15 of the guide.

Why have these 3 layers? Short answer: minimize risk of security incidents and other undesirable issues. Long answer:

  1. From a security standpoint, have things as locked down as possible. Access needs to be granted on a need-to-have basis - this is a universal best practice that has saved my behind many times.
  2. Even if someone else with admin access starts making changes on the machine (e.g. turns off the firewall), even by accident/unintentionally, you can sleep easier knowing that there are 2 other safeguards in place.
  3. When someone with admin access starts making changes to the server config, they would have to be quite deliberate in changing both the firewall settings (or disabling it) as well as the SMTP service settings, so short of sabotage, or (hopefully) an approved, documented change request, the chance of making all 3 changes is pretty slim.

I hope this helps! Good luck and take care!

Rouben
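A check for step 2 of the answer above, added here as an example and not part of the original answer: it parses Windows `netstat -an` (or `-ano`) output and reports any port 25 listener bound to something other than a loopback address. The sample output and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -an` output (not from the asker's server).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING
  TCP    203.0.113.10:25        198.51.100.7:50312     ESTABLISHED
  TCP    [::]:25                [::]:0                 LISTENING
  TCP    [::1]:25               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""

# TCP rows in LISTENING state; the trailing PID column of `netstat -ano` is optional.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING(\s+\d+)?\s*$")


def smtp_listeners(netstat_text, port=25):
    """Return the local addresses that have a TCP listener on `port`."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m and int(m.group(2)) == port:
            found.append(m.group(1).strip("[]"))  # IPv6 is printed as [addr]
    return found


def exposed_listeners(netstat_text, port=25):
    """Return listeners on `port` that are not bound to a loopback address."""
    exposed = []
    for addr in smtp_listeners(netstat_text, port):
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        if not ip.is_loopback:  # 0.0.0.0 and :: mean "every interface"
            exposed.append(addr)
    return exposed


if __name__ == "__main__":
    for addr in exposed_listeners(SAMPLE_NETSTAT):
        print(f"port 25 is listening on non-loopback address {addr}")
```

Run on a schedule against live `netstat` output, an empty result confirms the SMTP service is still bound to loopback only, independent of whether the firewall is on.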