SMTP ports Destination in Higher range?
  •  
becatlibra

Has anyone experienced this problem? I have incoming mail where the source port is 25 and the destination port is like 3205 or higher.

Our box is in a DMZ behind a firewall and I have 80, 443, 25 and 44337 opened for this machine. However some incoming mail seems to want a REALLY high port - am I insane? I don't want to open up my server to the world on all ports! Why would mail come in with a DST port of something other than 25??

What should I do?

I contacted Kerio tech but haven't heard back.

Thanks,

Benjamin
  •  
sedell

That sounds backwards. The source port can be anything, and is generally ports numbered higher than 1024 to prevent interfering with other services. The destination port has to be 25 since that's where mail servers listen. Are you sure you're not seeing outbound traffic?

Scott
  •  
becatlibra

I'm sure

13:41:58 IN=eth2 OUT=eth1 SRC=207.148.204.186 DST=192.168.1.3 LEN=64 TOS=0x00 PREC=0x20 TTL=117 ID=7041 PROTO=TCP SPT=25 DPT=32976 WINDOW=16384 RES=0x00 ACK SYN URGP=0
  •  
Pavel Dobry (Kerio)

becatlibra wrote on Mon, 06 November 2006 19:55

I'm sure

13:41:58 IN=eth2 OUT=eth1 SRC=207.148.204.186 DST=192.168.1.3 LEN=64 TOS=0x00 PREC=0x20 TTL=117 ID=7041 PROTO=TCP SPT=25 DPT=32976 WINDOW=16384 RES=0x00 ACK SYN URGP=0


This is the second TCP packet of the 3-way TCP handshake. The first packet with SYN was sent to port 25, so this is a response from the receiving server. So it is natural that it comes from port 25 and the destination port is random (i.e. it is a port used for the outgoing connection).
  •  
becatlibra

I guess I don't get it -

Maybe it has something to do with the port fwding in IPtables? I am not sure but I need help

  •  
freakinvibe

The destination port (your mail server) must always be port 25. The originating port can be anything, example:

> netstat
Active Connections

Proto Local Address Foreign Address State
TCP basel:smtp 59.41.166.150:2469 ESTABLISHED
TCP basel:smtp 59.92.73.244:3315 ESTABLISHED
TCP basel:smtp 60.212.18.142:2072 TIME_WAIT
TCP basel:smtp 62-43-76-161.user.ono.com:1313 TIME_WAIT
TCP basel:smtp 62.240.103.98:4821 ESTABLISHED
TCP basel:smtp m010.iofferstar.com:57527 TIME_WAIT
TCP basel:smtp pool-71-244-239-19.chi01.dsl-w.verizon.net:50956 TIME_WAIT
TCP basel:smtp 80-195-202-124.cable.ubr03.smal.blueyonder.co.uk:2881 TIME_WAIT
TCP basel:smtp igld-80-230-26-10.inter.net.il:3536 TIME_WAIT
TCP basel:smtp 82-217-131-71.cable.quicknet.nl:3404 TIME_WAIT
TCP basel:smtp 82-217-131-71.cable.quicknet.nl:4923 TIME_WAIT
TCP basel:smtp vil93-3-82-225-65-202.fbx.proxad.net:3918 TIME_WAIT
TCP basel:smtp igld-83-130-25-44.inter.net.il:3596 TIME_WAIT
TCP basel:smtp ip-83-134-17-129.dsl.scarlet.be:36924 TIME_WAIT
TCP basel:smtp netrun-49-132.cytanet.com.cy:53946 ESTABLISHED
TCP basel:smtp dsl.static8597199195.ttnet.net.tr:2479 TIME_WAIT
TCP basel:smtp 86.125.203.93:4983 TIME_WAIT
TCP basel:smtp host72-106-dynamic.15-87-r.retail.telecomitalia.it:2386 TIME_WAIT
TCP basel:smtp 87.200.251.202:1398 CLOSE_WAIT
TCP basel:smtp chello087206137077.chello.pl:2868 ESTABLISHED
TCP basel:smtp 26.Red-88-2-214.staticIP.rima-tde.net:14643 ESTABLISHED
TCP basel:smtp bzq-88-152-190-99.red.bezeqint.net:1443 TIME_WAIT
TCP basel:smtp 89.32.199.18:3067 TIME_WAIT
TCP basel:smtp adsl-dyn34.91-127-203.t-com.sk:34870 TIME_WAIT
TCP basel:smtp 125.133.93.84:4602 TIME_WAIT
TCP basel:smtp home-pool-180-4.com2com.ru:1920 TIME_WAIT
TCP basel:smtp home-pool-180-4.com2com.ru:2413 ESTABLISHED
TCP basel:smtp 201-1-174-190.dsl.telesp.net.br:1417 TIME_WAIT

As you can see the local port is always 25 (smtp).

Regards, Pascal

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Nixs

Sometimes the SYN's ACK comes in a little late, and your firewall blocks it as the session is not in the session table any longer.

The logs show the source port and destination port backwards in this case. FW1 does this, for example.
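
Added example, not part of any post in this thread: a small Python classifier that reads the TCP flags and ports of a netfilter LOG line to tell a handshake reply to an outbound SMTP connection from a new inbound one. The function names, result labels and the second sample line (using a documentation address) are assumptions made for illustration.

```python
import re

# Log line quoted in the thread (netfilter LOG format).
THREAD_LINE = ("13:41:58 IN=eth2 OUT=eth1 SRC=207.148.204.186 DST=192.168.1.3 "
               "LEN=64 TOS=0x00 PREC=0x20 TTL=117 ID=7041 PROTO=TCP SPT=25 "
               "DPT=32976 WINDOW=16384 RES=0x00 ACK SYN URGP=0")
# Constructed line: a remote client opening a connection to the mail server.
CONSTRUCTED_INBOUND = ("13:42:10 IN=eth2 OUT=eth1 SRC=198.51.100.7 DST=192.168.1.3 "
                       "LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 PROTO=TCP SPT=41022 "
                       "DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0")

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
SMTP_PORT = 25


def parse_log_line(line):
    """Split a LOG line into KEY=value fields and bare TCP flag words."""
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    flags = {tok for tok in line.split() if tok in TCP_FLAGS}
    return fields, flags


def classify(line, smtp_port=SMTP_PORT):
    """Say which side opened the TCP connection a logged packet belongs to."""
    fields, flags = parse_log_line(line)
    if fields.get("PROTO") != "TCP":
        return "not-tcp"
    spt, dpt = int(fields["SPT"]), int(fields["DPT"])
    if flags >= {"SYN", "ACK"} and spt == smtp_port:
        # Handshake step 2: a remote SMTP server answering a SYN that DST
        # sent from its ephemeral port DPT, so DST is the client here.
        return "reply-to-outbound"
    if "SYN" in flags and "ACK" not in flags and dpt == smtp_port:
        # Handshake step 1: a remote client connecting to local port 25.
        return "new-inbound"
    return "other"


if __name__ == "__main__":
    for sample in (THREAD_LINE, CONSTRUCTED_INBOUND):
        fields, _ = parse_log_line(sample)
        print(fields["SRC"], fields["SPT"], "->", fields["DPT"], classify(sample))
```

A stateful accept rule for established connections admits the "reply-to-outbound" packet without opening any high ports inbound. If such a packet is still logged as blocked, the firewall had no matching entry for the outbound SYN.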