Blocking port 25 outbound - Can receive but not send e-mail

Hi there,

So, I had a problem with my server’s IP being added frequently to Spamhaus.

I could even see some very strange things, below:

Aug  6 00:00:04 box postfix/submission/smtpd[1814046]: connect from unknown[46.148.40.152]
Aug  6 00:00:07 box postfix/submission/smtpd[1812495]: warning: unknown[46.148.40.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug  6 00:00:10 box postfix/submission/smtpd[1812495]: lost connection after AUTH from unknown[46.148.40.77]
Aug  6 00:00:10 box postfix/submission/smtpd[1812495]: disconnect from unknown[46.148.40.77] ehlo=1 auth=0/1 rset=1 commands=2/3
Aug  6 00:00:18 box postfix/submission/smtpd[1814046]: warning: unknown[46.148.40.152]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug  6 00:00:20 box postfix/submission/smtpd[1814046]: lost connection after AUTH from unknown[46.148.40.152]
Aug  6 00:00:20 box postfix/submission/smtpd[1814046]: disconnect from unknown[46.148.40.152] ehlo=1 auth=0/1 rset=1 commands=2/3
Aug  6 00:00:28 box postfix/submission/smtpd[1820366]: connect from unknown[46.148.40.63]
Aug  6 00:00:32 box postfix/submission/smtpd[1820365]: connect from unknown[46.148.40.87]
Aug  6 00:00:34 box postfix/submission/smtpd[1816689]: connect from unknown[46.148.40.70]
Aug  6 00:00:42 box postfix/submission/smtpd[1820366]: warning: unknown[46.148.40.63]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

Well, I have even checked the above IPs, and they were coming from “very strange” places.

Today I ran two commands in UFW, after reading a Spamhaus guide, in order to secure port 25:

Secure your firewall to not allow any packets outbound on port 25, except those coming from any email server(s) on your local network. Remote sending of email to servers or printers on the Internet will still work if web-based, or correctly configured to use port 587 using SMTP-AUTH.

So I have blocked port 25 (outbound) and allowed it only from localhost:

sudo ufw deny out to any port 25
sudo ufw allow out from 127.0.0.1 to any port 25

Well, now I made some tests and noticed I am able to receive e-mails, but I can’t send.

Does anyone have an idea about what I could do to solve this?

Also, MIAB is displaying a warning on the admin dashboard. Is this warning OK (Outbound mail (SMTP port 25) seems to be blocked by your network. You will not be able to send any mail. Many residential networks block port 25 to prevent hijacked machines from being able to send spam. A quick connection test to Google’s mail server on port 25 failed.)?


Hi, a couple of things there.

The log messages look “normal” to me - I would ignore them. It is probably some spam bot trying to log in to your box. If successful, it would attempt to relay spam via your box, but it wasn’t. MIAB includes fail2ban which monitors attempts like that and blocks the specific source of repeated attempts. You can see a graph of the number of blocked addresses on the admin panel, under Munin monitoring. A small number is normal, and occasionally you will get a big burst - but that’s what fail2ban is for.

The advice from Spamhaus was referring to a network firewall, not to your box’s ufw. They are suggesting that only mail servers (like your box) be allowed to send to the internet on port 25. What you have done is block all outgoing emails from your box - I would remove that ufw rule :slight_smile: If you have your own router, it should include a rule like that - if you’re on a server farm somewhere, this stuff is managed by your provider.

Re appearing in Spamhaus. Is there any chance that you are sending unwanted emails? Any chance that someone had a poor password and the spam bots guessed it? Check to see who is sending emails, and how many. I’d force everyone to reset to a properly strong password.
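
Added example (not part of the original thread, and not MIAB's own code): one way to check who is sending and how many, by tallying failed SASL attempts per source and authenticated submissions per account from Postfix log lines. It also decodes the token after "authentication failed", which in these logs is the server's base64-encoded `Password:` prompt rather than a credential. Assumptions: the sample log is constructed (documentation IPs, made-up queue IDs), and `summarize` and `decode_challenge` are hypothetical helper names.

```python
import base64
import ipaddress
import re
from collections import Counter

# Constructed sample in the Postfix syslog format (documentation IPs, made-up queue IDs).
SAMPLE_LOG = """\
Aug  6 00:00:07 box postfix/submission/smtpd[101]: warning: unknown[203.0.113.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug  6 00:00:18 box postfix/submission/smtpd[102]: warning: unknown[203.0.113.152]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug  6 00:00:42 box postfix/submission/smtpd[103]: warning: unknown[203.0.113.77]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Aug  6 00:01:02 box postfix/submission/smtpd[104]: 4A1B2C3D4E: client=unknown[198.51.100.9], sasl_method=PLAIN, sasl_username=alice@example.com
Aug  6 00:01:03 box postfix/submission/smtpd[104]: 5B2C3D4E5F: client=unknown[198.51.100.9], sasl_method=PLAIN, sasl_username=alice@example.com
Aug  6 00:03:30 box postfix/submission/smtpd[105]: 6C3D4E5F6A: client=mail.example.net[192.0.2.10], sasl_method=LOGIN, sasl_username=bob@example.com
"""

# Failed AUTH warning: source IP plus the trailing token Postfix appends.
FAILED = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL [\w-]+ authentication failed: (?P<tok>\S*)")
# Authenticated submission: Postfix logs the client and the SASL account used.
ACCEPTED = re.compile(r"client=\S*\[(?P<ip>[0-9a-fA-F.:]+)\], sasl_method=[\w-]+, sasl_username=(?P<user>\S+)")


def decode_challenge(token):
    """Base64-decode the token after 'authentication failed:'; keep it raw if not base64."""
    try:
        return base64.b64decode(token, validate=True).decode("ascii")
    except ValueError:
        return token


def summarize(log_text):
    """Return (failures per IP, failures per network, messages per (account, IP), decoded tokens)."""
    failures, networks, senders, tokens = Counter(), Counter(), Counter(), set()
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            ip = ipaddress.ip_address(m["ip"])
            # Group by /24 (IPv4) or /64 (IPv6) to spot one network rotating addresses.
            net = ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 64}", strict=False)
            failures[str(ip)] += 1
            networks[str(net)] += 1
            tokens.add(decode_challenge(m["tok"]))
        elif m := ACCEPTED.search(line):
            senders[(m["user"], m["ip"])] += 1
    return failures, networks, senders, tokens


if __name__ == "__main__":
    failures, networks, senders, tokens = summarize(SAMPLE_LOG)
    print("failed AUTH by network:", networks.most_common())
    print("failed AUTH by address:", failures.most_common())
    print("decoded failure tokens:", tokens)
    for (user, ip), count in senders.most_common():
        print(f"{count} authenticated message(s) from {user} via {ip}")
```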

Thank you very much. :slight_smile:

I understood. I’ll check and change all the passwords. I think all of them are fine, but, who knows. :frowning:
