Critical

Ensure there is no unrestricted inbound access to TCP port 25 (SMTP)

Security & Compliance
Description

TCP port 25 is used by Simple Mail Transfer Protocol (SMTP) to transmit email messages between servers. Unrestricted inbound access to this port can potentially allow attackers to send spam or other malicious emails, or to intercept and read sensitive information being transmitted over email.

Remediation

Here are the remediation steps to ensure there is no unrestricted inbound access to TCP port 25 (SMTP):

  1. Identify all systems that require access to the SMTP server through TCP port 25.
  2. Implement firewall rules and access control lists (ACLs) to block all incoming traffic to port 25, except for authorized hosts or IP addresses that require access to the SMTP server.
  3. Configure the SMTP server to require authentication for all email messages being transmitted over TCP port 25.
  4. Implement email authentication mechanisms such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) to prevent spoofing and phishing attacks.
  5. Implement rate limiting on the SMTP server to prevent spam or other malicious email messages from being sent from the server.
  6. Monitor the SMTP server logs regularly to detect any unauthorized attempts to access the TCP port 25.
  7. Regularly review and update the firewall rules, access control lists, and email authentication mechanisms to ensure they are up to date and configured correctly.

By following these remediation steps, you can ensure that the SMTP server is secured and that access to the TCP port 25 is restricted only to authorized sources, reducing the risk of unauthorized access, spam, phishing attacks, and other security incidents.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.