how to stop using *telnet <domain> 25*

[Gary]

On Sat, Jan 24, 2004 at 12:43:57PM -0500 or thereabouts, Bruce Marshall wrote:
> On Saturday 24 January 2004 12:29 pm, Ben Duncan wrote:
> > I think the question here is :

> > Someone outside our network/domain is using a telnet to
> > port 25 to use the MTA.
> >
> > Anyone more familiar with iptables know if such a "service"
> > can be blocked ?
 
> Assuming you need to have port 25 open to the outside world, then I think 
> you're left with blocking that IP address.   Yes, iptables can block the 
> address.  I do it all the time with shorewall.
 
> > Bruce Marshall wrote:
> > > On Saturday 24 January 2004 10:57 am, Swapana Ghosh wrote:
> > >>I ?have already blocked that IP. But the question is they can use another
> > >>IP, which they did before already once IP with different net work. So how
> > >>many IPs we will block? That is why i was wondering , if there is a way
> > >>then we can stop our tension for ever..
> > >
> > > I was going to say  "get rid of the telnet client"  since no one really
> > > should be using it for anything...  but...   a) There might be a need for
> > > it, or b) he might already have a copy of the client (or could easily get
> > > one).
> > >
> > > Is there any clue as to who it is?   In the mail sent?
 
If they are using port 25, and you have an MTA running, sendmail, postfix,
or qmail.  You should set your MTA to allow use for only your existing
internal IP range, and you will not have this problem.. They will not be
able to send mail period. 

In short, you have not properly closed down your MTA, and you are an open relay. 


-- 
Gary