SurgeMail Archive: Re: [SurgeMail List] SMTP Auth on smart host

Subject:	Re: [SurgeMail List] SMTP Auth on smart host
From:	Surgemail Support
Date:	23-Feb-2023
It probably would be a useful option, but I think it's of low value, since the hackers know the correct port's to use since the port is well known. The users on the other hand don't know and benefit enormously from an informative error message. (if their email client bothers to show them the error) ChrisP. On 24/02/2023 5:36 am, Lyle Giese wrote: > From a security standpoint, if we deny a service on port x, why should > the error message tell the other party what port to find that service on? > > The user should call their provider if necessary and ask. At least > you have a chance to vet the caller to confirm they need that info. > > And besides the normal user using a real email client program will > never see this message anyways. > > Thanks, > > Lyle Giese > > > On 2/22/23 14:54, Surgemail Support wrote: >> Currently no. >> >> ChrisP >> >> On 23/02/2023 2:34 am, Lyle Giese wrote: >>> Can I modify this message? >>> >>> 2023-02-21 16:09:36.34:841017088: 530 530 Please use smtp port >>> (xxx5,xxx5) not (25) for email clients (x.x.x.x) >>> >>> I would rather it state, this port(25) is not for client email use. >>> Contact email support for more info(x.x.x.x) >>> >>> Or something along those lines. Primarily to drop the auth ports in >>> the message. >>> >>> Thanks, >>> >>> Lyle Giese >>> >>> On 2/20/23 18:09, Surgemail Support wrote: >>>> You can set: >>>> >>>> g_smtp_portauth "587,465" >>>> >>>> g_smtp_portforce "true" >>>> >>>> >>>> ChrisP. >>>> >>>> >>>> >>>> On 21/02/2023 1:03 pm, Lyle Giese wrote: >>>>> I am running a smart host using the community edition of >>>>> Surgemail. No mailboxes. Simply forwarding inbound and outbound >>>>> email from my servers at home(registered Surgemail servers). >>>>> >>>>> I am getting a lot of Auth attempts via port 25: >>>>> >>>>> 2023-02-20 00:09:24.80:2993407744: 535 Login not permitted domain >>>>> does not exist (payroll@70.35.205.71) (70.35.205.71) 185.254.37.70 >>>>> 2023-02-20 00:22:00.18:2996049664: 535 Login not permitted domain >>>>> does not exist (production@70.35.205.71) (70.35.205.71) 185.254.37.70 >>>>> 2023-02-20 00:34:35.46:2993407744: 535 Login not permitted domain >>>>> does not exist (program@70.35.205.71) (70.35.205.71) 185.254.37.70 >>>>> 2023-02-20 00:47:09.81:2996049664: 535 Login not permitted domain >>>>> does not exist (rafael@70.35.205.71) (70.35.205.71) 185.254.37.70 >>>>> 2023-02-20 00:59:45.80:2994464512: 535 Login not permitted domain >>>>> does not exist (reception@70.35.205.71) (70.35.205.71) 185.254.37.70 >>>>> 2023-02-20 01:12:31.39:2994464512: 535 Login not permitted domain >>>>> does not exist (remote@70.35.205.71) (70.35.205.71) 185.254.37.70 >>>>> >>>>> I did verify the connects are via port 25. I use a different port >>>>> with auth enabled for outbound email from my servers. >>>>> >>>>> Is there a way to disallow auth attempts on port 25? If someone >>>>> tries to authenicate on port 25, drop them. >>>>> >>>>> Thanks, >>>>> Lyle Giese >>>>> >>>>> >>>> >>> >> >

Last Message | Next Message


Search website: