Port 25 open by default?

JonD

I have done a fresh install of the latest pfSense with no port forwards or WAN rules added.

When I scan with the Gibson Research ("shields Up") web site scanner, it reports that port 25 is open…. all other ports are "stealth" mode.
If I use nmap, it reports all ports filtered.

If I use my LinkSys router, the GRC website reports all ports are in "stealth" mode (neither open or closed). I'm assuming that the GRC "stealth" mode equates to "filtered"?

I understand that pfSense defaults to all ports closed, but I wondering what the above results are saying about port 25... perhaps it's a problem with the way GRC scans the ports?

JonD

jimp

Do you, by chance, happen to have the spamd package installed?

No ports are open on the WAN by default. Some packages override the base firewall rules, but it varies from package to package. Spamd is the only one I can think of off the top of my head that might listen on a mail port.

You can confirm this by going to Diagnostics > Command and typing:

sockstat | grep :25

And press "execute"

It should tell if you if something is listening on port 25, though there may be other things there as that isn't a very well-anchored grep. Paste the output in a reply if you need help.

JonD

I did install but then uninstalled spamd.

the sockstat command gave me no output… should it give a response even if there's no match to the grep command?

Let me try a clean install and see what happens.

JonD

JonD

Although there was no indication using the  sockstat  command, and even though I had deinstalled spamd there must have been some sort of left-over.  A clean install gives a completely green test on all ports.

Thanks for the hint…  it solved the problem.

JonD

jimp

No output from the sockstat command should have indicated that nothing was actually listening on port 25, but some more detail might be needed to track down the real issue.

I don't know if an older version of spamd had an issue or not, but I just installed, ran, and uninstalled spamd on a test box and it showed closed at first, open while running, and closed at the end.

Something must have been left behind.

JonD

Fortunately, reinstalls go very quickly so reinstall was the solution.

Thanks again,

JonD