Email Network Security Blog

Blocking Port 25 to Reduce Spam and Protect Your Network

If you have an email filtering service provider like Sentinare Messaging Solutions, Inc., then all your SMTP traffic should be coming from only the filtering provider and the filtering provider only. Therefore, you don’t have to allow direct port 25 (SMTP traffic) to your email server any more and you shouldn’t allow port 25 (SMTP) traffic directly to your email server anymore. There are several reasons for this:

1. Running a mail server which accepts connections from anywhere at all times is very dangerous. A mail server accepts unknown content of unknown size from anywhere at anytime. This is a perfect recipe for buffer overflows, hacking attempts and other SMTP-based attacks. By blocking port 25 traffic from the world and allowing it only from Sentinare Messaging Solutions, Inc., you are greatly increasing the security of your mail server and your entire network.
2. If you are restricting port 25 traffic so that it is allowed only from your email filtering provider, you don’t have to panic the next time a new vulnerability is exposed for your email server software. You can patch the server at your users’ and your convenience, as your mail server has that strong layer of protection provided by your filtering provider.
3. Spammers are pretty crafty and they are smart enough to direct mail to mail servers, even though they are not published as MX servers in DNS. So even though you have switched your MX records to point to your email service provider’s MX servers, you still might get spam directly to your server if you do not block port 25 traffic.