Results 1 to 7 of 7

Thread: Port 25/tcp open ?

  1. #1
    Join Date
    Jun 2012
    Beans
    185

    Port 25/tcp open ?

    I've always seen port 25/tcp open and used by smtp when running nmap on my computer,and I've always assumed it was needed for Thunderbird (please note this is not a server,just a normal desktop pc):later I've realized it is actually used by the service exim4 and that I can stop said service and close that port in the firewall too,and Thunderbird still works.
    So the obvious question is,why was that port open and exim4 running? Is that the default for a normal Ubuntu installation?
    Anything unusual that I should check?
    Lastly,instead of stopping exim4 (although,with port 25 blocked,maybe I shouldn't bother) from a terminal,how can I disable it on boot?

  2. #2
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Port 25/tcp open ?

    If you don't need it purge it.

    Code:
    sudo apt-get purge exim4*
    If this is a desktop install, it shouldn't be installed unless you installed something like smartmontools, which list a MTA (Mail transfer agent, exim/postfix/sendmail) as a dependency.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  3. #3
    Join Date
    Jun 2012
    Beans
    185

    Re: Port 25/tcp open ?

    Thanks,it has indeed been installed as a dependency/recommended package but probably not only for smartmontools:upon simulating the removal of exim4* packages,rkhunter gets removed as well,apparently it also needs exim4.
    So I'll have to leave it installed and disable it on boot,I suppose:can I do this ?

  4. #4
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Port 25/tcp open ?

    The easiest way is to just remove the execute permission from the file in /etc/init.d, but that is not necessarily the "right" way.

    As far as the right way go, look at update-rc.d:
    http://www.tin.org/bin/man.cgi?secti...ic=update-rc.d
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  5. #5
    Join Date
    Jun 2012
    Beans
    185

    Re: Port 25/tcp open ?

    Since I don't need this exim4 service at all,I've done it properly (at least,that was the plan) and removed it at boot without uninstalling it with
    Code:
    sudo update-rc.d exim4 remove
    so thanks for pointing me in the right direction.

  6. #6
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Port 25/tcp open ?

    Please be aware that running nmap locally on a system will give you different results than when run from a remote system. Running nmap on my server locally gives me the following results:

    Code:
    nmap localhost
    
    Starting Nmap 5.21 ( http://nmap.org ) at 2013-09-03 11:36 PDT
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.00024s latency).
    Not shown: 991 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    25/tcp   open  smtp
    80/tcp   open  http
    111/tcp  open  rpcbind
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    2049/tcp open  nfs
    3306/tcp open  mysql
    8200/tcp open  unknown
    While running nmap from my main system, gives me the following result:

    Code:
     nmap willy
    
    Starting Nmap 6.25 ( http://nmap.org ) at 2013-09-03 11:16 PDT
    Nmap scan report for willy (192.168.0.205)
    Host is up (0.00031s latency).
    Not shown: 993 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    2049/tcp open  nfs
    8200/tcp open  trivnet1
    As you can see from the above results, I have an MTA running, that is only accessible locally, in my case I use logwatch, and check the messages locally on my server. Removing exim4 may render some utilities useless.

  7. #7
    Join Date
    Jun 2012
    Beans
    185

    Re: Port 25/tcp open ?

    I think you're right,every now and then I do see some mail errors in the logsn the other end,I run rkhunter manually and I don't think I need mail messages from it-so I can probably live with this.

    But you've brought up an interesting point,very likely port 25 with exim4 running was actually open only locally:I'll have to restart this service and scan this pc from another one to verify.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •