I have a question about which ports on my CentOS 6.7 VPS I can safely close or move to harden the server a bit. I should say that there are only two users with only email accounts, so no FTP or anything like that.
Also, I have the following fail2ban jails activated:
[sshd]
[sshd-ddos]
[apache-auth]
[apache-noscript]
[apache-botsearch]
[apache-fakegooglebot]
[apache-modsecurity]
[apache-shellshock]
[php-url-fopen]
[webmin-auth]
[postfix]
[sendmail-auth]
[sendmail-reject]
[dovecot]
[postfix-sasl]
[mysqld-auth]
[named-refused-udp]
[named-refused-tcp]
These are the open ports:
Port 53
The TCP/UDP DNS port.
I don’t believe this can be moved or closed?
Port 443
TLS/SSL (HTTPS)
I don’t believe this can be moved?
Port 80
UDP HTTP
I don’t believe this can be moved or closed?
Port 110
POP3
Can I / should I move this by changing the port and then also changing the port on the users' side?
Will this break email?
Port 587
SMTP
Can I / should I move this by changing the port and then also changing the port on the users' side?
Will this break email?
Port 25
SMTP
I tried to close this in the past and I could no longer receive emails, so I’m leaving it as it is.
I’m only concerned about port 25 which is constantly hammered by brute force attacks:
/var/log/messages
Jan 30 10:20:34 web saslauthd[879]: do_auth : auth failure: [user=jwilliams] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
/var/log/maillog
Jan 30 10:20:04 web postfix/anvil[5520]: statistics: max connection rate 1/60s for (smtp:70.61.34.42) at Jan 30 10:16:41
Jan 30 10:20:04 web postfix/anvil[5520]: statistics: max connection count 1 for (smtp:70.61.34.42) at Jan 30 10:16:41
Jan 30 10:20:04 web postfix/anvil[5520]: statistics: max cache size 1 at Jan 30 10:16:41
Jan 30 10:20:31 web postfix/smtpd[5616]: warning: 202.47.1.214: address not listed for hostname unregistered.netregistry.net
Jan 30 10:20:31 web postfix/smtpd[5616]: connect from unknown[202.47.1.214]
Jan 30 10:20:34 web postfix/smtpd[5616]: warning: unknown[202.47.1.214]: SASL Login authentication failed: authentication failure
Jan 30 10:20:35 web postfix/smtpd[5616]: lost connection after AUTH from unknown[202.47.1.214]
Jan 30 10:20:35 web postfix/smtpd[5616]: disconnect from unknown[202.47.1.214]
Of course these are blocked by fail2ban but they use bandwidth and slow down the server:
/var/log/fail2ban.log
2016-01-30 10:20:34,964 fail2ban.filter [3328]: INFO [postfix-sasl] Found 202.47.1.214
I’d like to move the SMTP port to another port, but I don’t want to break my email!
I’ve found some instructions here.
Would it be OK to move the port and would I still be able to receive emails?
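
The failed SASL logins in the maillog excerpt above can be tallied per source address to see how concentrated the attempts are. This is an added example, not part of the original post: the log sample is constructed (documentation-range addresses), and the `max_retry` and `find_time` thresholds are assumed values named after fail2ban's `maxretry` and `findtime` settings.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the maillog format quoted in the post (documentation-range IPs).
SAMPLE_MAILLOG = """\
Jan 30 10:20:31 web postfix/smtpd[5616]: connect from unknown[203.0.113.7]
Jan 30 10:20:34 web postfix/smtpd[5616]: warning: unknown[203.0.113.7]: SASL Login authentication failed: authentication failure
Jan 30 10:20:35 web postfix/smtpd[5616]: lost connection after AUTH from unknown[203.0.113.7]
Jan 30 10:21:02 web postfix/smtpd[5620]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Jan 30 10:22:40 web postfix/smtpd[5631]: warning: mail.example.net[198.51.100.9]: SASL PLAIN authentication failed: authentication failure
Jan 30 10:23:15 web postfix/smtpd[5640]: warning: unknown[203.0.113.7]: SASL Login authentication failed: authentication failure
Jan 30 11:40:00 web postfix/smtpd[5900]: warning: mail.example.net[198.51.100.9]: SASL PLAIN authentication failed: authentication failure
"""

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \S+ authentication failed",
)

def parse_failures(text, year=2016):
    """Yield (timestamp, ip) per SASL failure line; syslog omits the year, so it is supplied."""
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            yield ts, m.group("ip")

def offenders(text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: peak failures in any find_time window} for IPs reaching max_retry."""
    by_ip = defaultdict(list)
    for ts, ip in parse_failures(text):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans at most find_time.
            while ts - stamps[start] > find_time:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= max_retry:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, n in offenders(SAMPLE_MAILLOG).items():
        print(f"{ip}: {n} failed SASL logins within 10 minutes")
```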