Blocked connections passing through firewall. What is wrong?

Question 1

If restricting your relay addresses to private fixed the problem, one possibility is that your SMTP port is open for inbound traffic. The port will frequently need to be at least slightly open in order to receive email. However, you'll want to restrict the opening to just allowing connections originating from servers that you want to receive email from (I.e. whatever ip range you were given by google apps for email).

Basically, it sounds like two things were happening:

1) Firewall wasn't limiting access to your SMTP port, and was allowing traffic to pass through from an untrusted source.

2) Your email server was relaying all email instead of just stuff from the internal network.

You fixed 2, which will work and should take care of the problem. However, you'll want to look into problem 1 as well to be more secure.

Answer

If restricting your relay addresses to private fixed the problem, one possibility is that your SMTP port is open for inbound traffic. The port will frequently need to be at least slightly open in order to receive email. However, you'll want to restrict the opening to just allowing connections originating from servers that you want to receive email from (I.e. whatever ip range you were given by google apps for email).

Basically, it sounds like two things were happening:

1) Firewall wasn't limiting access to your SMTP port, and was allowing traffic to pass through from an untrusted source.

2) Your email server was relaying all email instead of just stuff from the internal network.

You fixed 2, which will work and should take care of the problem. However, you'll want to look into problem 1 as well to be more secure.

Question 2

Atleast windows 2008 SBS can configure your router for you through UPnP. This may be the reason that some firewall rules are set aside.

These seems to be the ports it automatically configures for you through UPnP:

Port 25: SMTP e-mail
Port 80: HTTP Web traffic
Port 443: HTTPS Web traffic
Port 987: HTTPS Web traffic for Windows SharePoint® Services through Remote Web Workplace
Port 1723: VPN if you plan to enable VPN on the Destination Server. You may also need to enable the point-to-point tunneling protocol (PPTP) pass-through on your router.

Taken from: http://technet.microsoft.com/en-us/library/cc527508%28WS.10%29.aspx

Answer

Atleast windows 2008 SBS can configure your router for you through UPnP. This may be the reason that some firewall rules are set aside.

These seems to be the ports it automatically configures for you through UPnP:

Port 25: SMTP e-mail
Port 80: HTTP Web traffic
Port 443: HTTPS Web traffic
Port 987: HTTPS Web traffic for Windows SharePoint® Services through Remote Web Workplace
Port 1723: VPN if you plan to enable VPN on the Destination Server. You may also need to enable the point-to-point tunneling protocol (PPTP) pass-through on your router.

Taken from: http://technet.microsoft.com/en-us/library/cc527508%28WS.10%29.aspx

Blocked connections passing through firewall. What is wrong?

Respuesta1

Respuesta2

información relacionada