0

Is there a way to block port 25 for everything but mail communication? Had no luck finding an answer to this yet. Maybe it's possible to block every application but those related to above usage?

I am using qmail, if that is important.

2 Answers

1

Assuming no malicious software is running on your host, and there is no specific port mapping or routing, then most probably your mail application is using port 25 as its socket, and no other apps are using this port.

If it happens that any other app sends traffic to port 25 on your host, your mail app will read it, find it's not mail, and discard it.

aseaudi
0

I think you may be mixing different issues. If you have qmail running in standard configuration, it will be listening on port 25. You can check that with the command:

   sudo ss -lntp | grep ':25 '

This command will show you the process (the -p option) listening on port 25.

Now let us imagine that a different application from another PC sends packets to your port 25: what is going to happen? Nothing, unless that application is asking exactly for qmail. So there is no need (and no possibility either) to bar applications on any given port. If some PC sends packets destined for an application X to a port where Y is listening, nothing will happen. So there is no need (and no possibility) to use iptables to bar applications.

If you do not believe me, just try to load a Web page from port 25, or to establish an ssh connection to it, and see what happens.

MariusMatutiae
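The listener check from the second answer, turned into a repeatable audit (an added example, not code from either answer): it reads `ss -lntp` output, matches the local port field exactly so that ports such as 2525 are not mistaken for 25, and reports whether the only program bound to port 25 is the expected one. The function names and the sample output are constructed for illustration; the expected name `tcpserver` is an assumption (qmail-smtpd is commonly started under tcpserver), so substitute whatever your installation uses.

```shell
#!/bin/sh
# Print the names of the programs listening on TCP port 25, one per line.
# Input: `ss -lntp` output on stdin.
port25_listeners() {
  awk '
    # Column 4 is "Local Address:Port"; anchor on ":25" at the end of it.
    $1 == "LISTEN" && $4 ~ /:25$/ {
      # Program names are the quoted strings in users:(("name",pid=..,fd=..))
      n = split($0, part, "\"")
      for (i = 2; i <= n; i += 2) print part[i]
    }' | sort -u
}

# Succeed only if something listens on port 25 and every listener
# has the expected program name ($1). Input: `ss -lntp` output on stdin.
port25_only() {
  found="$(port25_listeners)"
  [ -n "$found" ] && [ "$found" = "$1" ]
}

# Constructed sample of `ss -lntp` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      20           0.0.0.0:25        0.0.0.0:*     users:(("tcpserver",pid=1043,fd=3))
LISTEN 0      128             [::]:2525         [::]:*     users:(("python3",pid=2250,fd=5))
LISTEN 0      5          127.0.0.1:6125      0.0.0.0:*     users:(("agent25",pid=2500,fd=4))'

# Live use: ./check25.sh --live [expected-name]   (needs root for -p)
if [ "${1:-}" = "--live" ]; then
  if sudo ss -lntp | port25_only "${2:-tcpserver}"; then
    echo "port 25: only ${2:-tcpserver} is listening"
  else
    echo "port 25: no listener, or an unexpected program is bound"
  fi
fi
```

Run from cron or a monitoring agent, a non-zero result from `port25_only` is the signal that something other than the mail server has taken over the port.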