Cisco Secure Email Support Community

noc_soc69
Beginner

Authentication telnet port 25

Hi,

We have a security problem in one Ironport. If you do a telnet connection through port 25, the Ironport doesn't request a user name or password, so everyone can send an email. This is a huge security hole, but we don't know how to fix it.

Could you help us?

Regards.

6 REPLIES
Valter Da Costa
Cisco Employee

Greetings,

I would suggest that you open a case/ticket. You can do that from the appliance, phone or Web Portal.

http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

But I am curious about this issue you are reporting.

Could you please add a screenshot about what you are seeing?

Just to make sure we are on the same page: Cisco ESA (Email Security Appliance) is an MTA (Mail Transfer Agent). Its primary goal is to accept and process email messages. You could implement SMTP Authentication, but basically the ESA will be "listening" for connections on port 25 (TCP) so the sending hosts can try to deliver messages to it. So, if you are referring to the fact that you successfully injected an email message via TELNET on port 25, that is expected, but like I stated before, you could implement some Authentication Mechanism if you need to.

Thx.

Valter

Hi,

The problem is that recently I have noticed that if you do an external connection like "telnet mail.mydomain.com 25"

the Ironport permits the connection and you can send an email, so we need to change that with an authentication method, but I don't know where I have to configure that.

The case with the support is open, but we need a quick response.

Regards.

Hi,

I would suggest that you call the support phone line and refer to your case number. Your call should be transferred to the engineer who is handling your case or the next available engineer.

The contact info can be found at:

http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

Using the phone method is recommended for situations that require immediate assistance.

You unfortunately did not provide more information about what you see as the issue in this case. Per what I mentioned before, it is expected that your appliance accepts connections to evaluate them and then accepts the message, if it is clean.

If you want to, perhaps, make sure your appliance does not accept messages to different domains than what your company has, then I believe you are referring to an open relay issue. In cases like this, you will need to review the RAT (Recipient Access Table) and Listener configuration to make sure external connections are not getting the RELAY behavior.

I strongly recommend that you call in for support.

I hope this helps.

Regards,

Valter
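The distinction drawn in the reply above (accepting mail for your own domains on port 25 is expected, relaying to other domains is not) can be checked against a gateway you administer with the following added example, which is not part of the original thread. The host name and the three addresses are constructed placeholders; the check stops at RCPT TO and issues RSET, so no message is ever sent.

```python
import smtplib

# Constructed placeholders: substitute your own gateway and domains.
GATEWAY = "mail.example.com"
LOCAL_RCPT = "postmaster@example.com"    # domain the RAT is meant to accept
FOREIGN_RCPT = "relaytest@example.net"   # domain the gateway must not relay for
PROBE_SENDER = "probe@example.org"


def rcpt_accepted(smtp, sender, recipient):
    """Issue MAIL FROM and RCPT TO, then RSET so nothing is delivered."""
    code, _ = smtp.mail(sender)
    if code != 250:
        smtp.rset()
        return False
    code, _ = smtp.rcpt(recipient)
    smtp.rset()
    # 250 = accepted, 251 = accepted and will be forwarded
    return code in (250, 251)


def assess(smtp, sender, local_rcpt, foreign_rcpt):
    """Collect what the listener offers to the host this runs on."""
    smtp.ehlo()
    return {
        "auth_offered": smtp.has_extn("auth"),  # SMTP AUTH advertised in EHLO
        "accepts_local": rcpt_accepted(smtp, sender, local_rcpt),
        "open_relay": rcpt_accepted(smtp, sender, foreign_rcpt),
    }


def verdict(result):
    if result["open_relay"]:
        return "OPEN RELAY: this source gets RELAY behavior, review RAT and listener"
    if result["accepts_local"]:
        return "OK: accepts mail for local domains only (expected for an MTA)"
    return "REJECTS ALL: source is blocked or the recipient is not in the RAT"


if __name__ == "__main__":
    with smtplib.SMTP(GATEWAY, 25, timeout=15) as s:
        r = assess(s, PROBE_SENDER, LOCAL_RCPT, FOREIGN_RCPT)
        print(r, verdict(r), sep="\n")
```

The result depends on the source IP the gateway sees, so run it once from an external host and once from a client network to compare how each is treated.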

Is this about Outbound or Inbound connections?

Outbound:

If your workstations can connect outbound to anything, that's a firewall issue, not an ESA issue...

If your workstations can connect to the ESA and you don't want them to, you just want your email servers to be able to, go to Network>Listeners.  Click on HAT for Outbound mail.  Click on Relaylist, make sure your mail servers are there, but NOT your client networks...

Inbound:

Make sure your firewall only allows connections on port 25 to the ESA and nothing else...

noc_soc69
Beginner

Hi,

For Inbound traffic I have configured this rule: "From Any to Ironport, port 25"

I want to permit this type of connection, but I want that nobody could send an email from inside of the domain, to somebody using a mail direction of the domain without authentication.

The problem is a hacker has sent an email from inside the domain using an internal direction.

Regards.

Valter Da Costa
Cisco Employee

Hi,

I would recommend that you open a ticket on this. If you already have one open, I would recommend that you call in and ask to speak with the engineer who is assigned to your ticket. If that engineer is not available, your call can be transferred to the next available engineer.

Cheers,
Valter



Sent from Cisco Technical Support Android App
