Prevent Allworx SMTP Corruption

Posted: Tue Jan 07, 2014 7:19 pm
by justingoldberg
There have been a lot of DoS attacks against Allworx servers, some after being patched against SIP attacks. This has led to them being corrupted and requiring a subsequent factory defaulting and reprogramming from scratch. To prevent this, do the following:

For single sites, disable SMTP port 25 on Network, Config. If behind another firewall, forward a different public port (33333) to port 25 on the LAN. This assumes that the Allworx is in LAN host mode. If you use iAllworx, you will need to change the port as below, and also change it within the mobile app.

For multiple sites linked in a controller/branch network, where you're using a public connection, change the Allworx Email Server's SMTP port and SMTP voicemail ports to the new port number, 33333. This port is used for multisite voicemail (for example, if you log in to your voicemail through 404 and send a voicemail to someone on another system, it will be sent through this port number at the destination Allworx [the system that is receiving the voicemail]). If the Allworx is directly on a public IP address, you will also need to open up the new SMTP port in the Allworx DMZ, as seen below:

WAN Port #: 33333
Protocol: TCP
IP Address: [public ip of allworx] (this must match the ip address in the WAN IP Address field on the same page)
Local Port #: 33333

I believe that the SMTP port is used for the iAllworx mobile app, whereas the SMTP voicemail port is used for multisite voicemail, but I have not confirmed this.

You will need to change the SMTP port in iAllworx from 25 to the new port configured above.

You can confirm the port is open on the WAN by using Netcat from nmap.org/ncat:

C:\Documents and Settings\Administrator>ncat [public ip of allworx] 33333 -vvv
Ncat: Version 6.01 ( http://nmap.org/ncat )
NSOCK (0.2970s) TCP connection requested to [public ip of allworx:33333] (IOD #1) EID 8
NSOCK (0.2970s) Setting of SO_BROADCAST failed (IOD #1)
NSOCK (0.3590s) Callback: CONNECT SUCCESS for EID 8 [public ip of allworx:33333]
Ncat: Connected to [public ip of allworx:33333].
NSOCK (0.3750s) Read request from IOD #1 [public ip of allworx:33333] (timeout: -1ms) EID 18
NSOCK (0.3750s) Read request for 0 bytes from IOD #2 (peer unspecified) EID 26
NSOCK (0.4060s) Callback: READ SUCCESS for EID 18 [(null):-1] (47 bytes)
220 allworx.com InSciTek OIS Ready here ESMTP
NSOCK (0.6560s) Read request for 0 bytes from IOD #1 [(null):-1] EID 34
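
The same check as the Ncat session above, extended to also confirm that port 25 no longer answers. This is an added example, not part of the original post; the function names `probe_smtp` and `check_move` and the script name are hypothetical, and the ports default to the 25 and 33333 used in the post.

```python
import socket
import sys

def probe_smtp(host, port, timeout=5.0):
    """Connect to host:port; return (state, banner).

    state is 'open', 'closed' (connection refused) or 'filtered' (no answer).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""  # connected, but no greeting arrived in time
            return "open", banner
    except ConnectionRefusedError:
        return "closed", ""
    except OSError:  # timeouts, unreachable network, etc.
        return "filtered", ""

def check_move(host, old_port=25, new_port=33333, timeout=5.0):
    """Return a list of problems; an empty list means the move looks right."""
    problems = []
    old_state, _ = probe_smtp(host, old_port, timeout)
    if old_state == "open":
        problems.append(f"port {old_port} is still reachable")
    new_state, banner = probe_smtp(host, new_port, timeout)
    if new_state != "open":
        problems.append(f"port {new_port} is {new_state}")
    elif not banner.startswith("220"):
        problems.append(f"port {new_port} is open but sent no SMTP 220 greeting: {banner!r}")
    return problems

if __name__ == "__main__":
    # Usage: python check_smtp_move.py <public ip of allworx>
    issues = check_move(sys.argv[1])
    print("\n".join(issues) if issues else "OK: 25 closed, 33333 answers with 220")
    sys.exit(1 if issues else 0)
```

Run it from a machine outside the LAN, since a probe from inside does not show what the WAN side exposes.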