 From:  "Chris Bagnall" <m0n0wall at minotaur dot cc>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] on each IP port 25/110 open ??? why?
 Date:  Wed, 29 Sep 2004 14:14:19 +0100
> Now, the scanner (GFI Languard) found on every machine open ports,
> 25 and 110 but I have no rules to open them, only on one system.
> If I check the firewall logs, the connection is denied but
> if I make a telnet to the wan ip / port (25/110) then I get a
> connection. Not to a service but he doesn't say timeout...
> The rules are defined for each host..so I don't have a rule
> like allow from all any port to DMZ Network port 25 ....

This can sometimes happen if the client machines are running virus scanners
that scan incoming/outgoing emails. Essentially they create a local "proxy"
mailserver on the POP3 and SMTP ports (110 and 25 respectively), then the
mail client is rerouted via those proxies on the local machine to
send/receive mail.  I'm fairly sure Norton AV 2002 used to do this, though
this may well have changed in more recent versions.

This doesn't explain why those ports are reported open from the m0n0 end if
you haven't got a rule defined to allow connections, so it may not be
relevant in this case, but it's sometimes an explanation for those ports
being open on machines you don't expect to be running mailservers.


C.M. Bagnall, Partner, Minotaur
Tel: (07010) 710715   Mobile: (07811) 332969   ICQ: 13350579
AIM: MinotaurUK   MSN: minotauruk at hotmail dot com   Y!: Minotaur_Chris
This email is made from 100% recycled electrons
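
Added example, not part of the original email: one way to check a client machine for the local mail "proxy" described above is to list TCP listeners on ports 25 and 110 and see whether each is bound to loopback only or to a network-reachable address, along with the owning PID. It assumes English-locale Windows `netstat -ano` output; the sample text, PIDs and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

MAIL_PORTS = {25: "SMTP", 110: "POP3"}

# Constructed sample of Windows `netstat -ano` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:25           0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       2040
  TCP    [::1]:110              [::]:0                 LISTENING       1432
  TCP    192.168.1.20:1045      192.168.1.5:110        ESTABLISHED     3100
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(addr.strip("[]")), int(port)

def mail_listeners(netstat_text):
    """Return (service, address, pid, exposure) for TCP listeners on 25/110."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expected columns: Proto, Local, Foreign, State, PID
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        try:
            addr, port = split_endpoint(fields[1])
        except ValueError:
            continue  # malformed or unparseable row
        if port not in MAIL_PORTS:
            continue
        # Loopback-only listeners serve the local mail client; anything else
        # is reachable from the network and will show up in a remote scan.
        exposure = "loopback-only" if addr.is_loopback else "network-reachable"
        found.append((MAIL_PORTS[port], str(addr), int(fields[4]), exposure))
    return found

if __name__ == "__main__":
    for service, addr, pid, exposure in mail_listeners(SAMPLE):
        print(f"{service:5} {addr:12} pid={pid:<6} {exposure}")
```

The PID can then be matched against the process list to see whether the listener belongs to the virus scanner or to something else.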