Triage and Remediation
Remediation
Using Console
To remediate the unrestricted SMTP access issue in AWS, follow these steps:
- Open the AWS Management Console and navigate to the EC2 service.
- Select the EC2 instance that is allowing unrestricted SMTP access.
- Click on the “Security” tab and scroll down to the “Security groups” section.
- Click on the security group that is associated with the instance.
- Click on the “Inbound rules” tab.
- Locate the rule that allows SMTP traffic (port 25) with the source of “0.0.0.0/0” or “::/0”.
- Click on the “Edit” button next to the rule.
- Change the source to a specific IP address range or security group that requires SMTP access.
- Click the “Save” button to apply the changes.
Using CLI
To remediate this issue in AWS, you can follow the below steps using AWS CLI:
- Open the AWS CLI on your local machine or EC2 instance.
- Run the following command to list all the active SMTP settings in the AWS account:
- If the command output shows that the “SendingEnabled” parameter is set to “true”, then you need to disable it. Run the following command to disable SMTP access:
- After running the above command, verify that the “SendingEnabled” parameter is set to “false” by running the following command:
- If the “SendingEnabled” parameter is set to “false”, then SMTP access has been successfully restricted in your AWS account.
Using Python
To remediate unrestricted SMTP access in AWS using Python, you can follow the steps below:
- Create a Python script to check for SMTP access:
- Once you have identified the security group(s) with unrestricted SMTP access, you can update the security group rules to restrict SMTP access to specific IP addresses or ranges. Replace SECURITY_GROUP_ID with the ID of the security group that needs to be updated and ALLOWED_IP_ADDRESS with the IP address or range that should be allowed to access SMTP.
- Run the Python script to check for and remediate unrestricted SMTP access in AWS.
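One way to write the check and the rule update described in the Python steps above, as an added example rather than the page's original script. It assumes `ec2` is a boto3 EC2 client (`boto3.client("ec2")`), that `group` is one entry from `describe_security_groups()`, and that `allowed_ip_address` plays the role of the page's ALLOWED_IP_ADDRESS; the sample group and its ID are constructed.

```python
OPEN_V4, OPEN_V6, SMTP_PORT = "0.0.0.0/0", "::/0", 25

# Constructed sample in the shape returned by ec2.describe_security_groups().
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",  # constructed placeholder ID
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 25, "ToPort": 25,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

def covers_smtp(perm):
    """True if the rule's protocol and port range include TCP 25."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= SMTP_PORT <= perm.get("ToPort", 65535)

def open_smtp_rules(group):
    """Return only the world-open part of each rule that covers port 25."""
    findings = []
    for perm in group.get("IpPermissions", []):
        v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") == OPEN_V4]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == OPEN_V6]
        if covers_smtp(perm) and (v4 or v6):
            rule = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
            if v4:
                rule["IpRanges"] = [{"CidrIp": OPEN_V4}]
            if v6:
                rule["Ipv6Ranges"] = [{"CidrIpv6": OPEN_V6}]
            findings.append(rule)
    return findings

def remediate(ec2, group, allowed_ip_address):
    """Revoke world-open SMTP ingress, then allow TCP 25 from one CIDR only.
    `ec2` is assumed to be a boto3 EC2 client, i.e. boto3.client("ec2")."""
    rules = open_smtp_rules(group)
    if rules:
        ec2.revoke_security_group_ingress(GroupId=group["GroupId"], IpPermissions=rules)
        ec2.authorize_security_group_ingress(GroupId=group["GroupId"], IpPermissions=[
            {"IpProtocol": "tcp", "FromPort": 25, "ToPort": 25,
             "IpRanges": [{"CidrIp": allowed_ip_address}]}])
    return rules

if __name__ == "__main__":
    print(open_smtp_rules(SAMPLE_GROUP))  # dry run: report only, no AWS calls
```

A world-open rule whose port range is wider than 25 is revoked as a whole, so review the output of `open_smtp_rules` before calling `remediate`. `authorize_security_group_ingress` raises a duplicate-rule error if the allowed CIDR is already permitted on port 25.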