Checklist for securing smtp

Question

What are some things, one should know when setting up an SMTP server, which supports ESMTP protocol. I have disabled relaying, and only enabled TLS authenticated transfers. when I telnet to my server, this is the reply:

250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Should any of these be turned off? should anything else be enabled

Have you tried to send a message through telnet to see if you can relay or if SMTP Authentication is required? — AbsoluteƵERØ, Jun 10 '13 at 18:56
This looks like a job for the principle of least privilege - disable everything then enable (only) what you need. — James Snell, Jun 10 '13 at 18:59

score 1 · Accepted Answer · answered Jun 17 '13 at 11:07

1

You should disable the VRFY and / or EXPN these commands can expose user information to people probing a system in preparation for an attack.

answered Jun 17 '13 at 11:07

Hugo

1,701
11
12

DSN - Delivery Status Notification should be also disabled for the same reasons. – Hugo Jun 17 '13 at 11:10
Depending on the objective of the server it might be better to check which options should be configured about the types of notifications that you wish the others to receive. – Hugo Jun 17 '13 at 11:17

Checklist for securing smtp

1 Answers1