Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Suspected insecure email server

  • 21-02-2024 8:24am
    #1
    Registered Users, Registered Users 2 Posts: 128 ✭✭


    Mate had his emails setup by a company


    He was thinking of moving to another company


    I checked his mx records and it points to a single ip address, i did a port scan on this ip and was surprised to find loads of open ports

    21 ftp

    23 ssh

    53 domain

    80

    Obviously

    25,110,143,993,995

    But there was loads more


    I was imagning some old windows box that his website devoleper was using, but then i did a whois lookup and was surprised it was a proper email provider


    Whois mentions a small range of ip address this provider uses and i found similar open ports on the rest of them


    Should a machine used for email only have the essential ports open to the internet?



Comments

  • Registered Users, Registered Users 2 Posts: 18,991 ✭✭✭✭kippy


    Is it possible the MX record points to a firewall/loadbalancer/router or some other device that isn't itself an email server?



  • Registered Users, Registered Users 2 Posts: 128 ✭✭User567363


    Ahh, that makes sense, so if one port can be used in an attack it might not be the same machine the email mailboxs are on


    No way of checking that from this side, but fingers crossed your right

    Post edited by User567363 on


  • Registered Users, Registered Users 2 Posts: 9,370 ✭✭✭LambshankRedemption


    Not that it matters but port 23 is Telnet not SSH.

    That said, assuming it was nmap or a similar port scanner, there is no guarantee it is actually those service running on those ports. The SSH server on my gateway server runs on 22, 53, 80, 443 and 8080. The reason being, if I am on a network which blocks outbound SSH, I can usually get out on one of those other ports.



Advertisement