Typically sendmail uses standard SMTP port 25 to relay mail. In most cases, this works fine as is, however, some ISPs block port 25. This makes it particularly difficult for sendmail to do its thing since it is supposed to work on port 25. In addition, opening port 25 could be risky. What are the security risks of opening port 25? Port 25 is used by the SMTP protocol to send mail. Some DDOS attacks seems to be targeted at port 25, email related. Under DDOS attacks, it will create huge number of connections to port 25 and causing too much traffic on the server. Port 25 obviously needs to be open for us to receive legitimate email, so we can’t block it. We can however change the default port 25 to other ports to reduce the risk of being attack.
To make sendmail listen on a different port:
1. edit /etc/mail/sendmail.mc
Change Port=<portnumber> in DAEMON_OPTIONS.
2. Rebuild the sendmail.cf.
1 | m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf |
3. Restart sendmail.
For Debian:
1 | /etc/rc.d/init.d/sendmail restart |
For CentOS:
1 | service sendmail restart |
Comments