Remediation
From Command Line
- Run the following command to remove the unrestricted inbound rule for SMTP (the protocol for SMTP is tcp). Note that --cidr takes an IPv4 range; to revoke an IPv6 rule (::/0), pass the rule through --ip-permissions with an Ipv6Ranges entry instead:
aws ec2 revoke-security-group-ingress \
--region {{region-name}} \
--group-id {{security-group-id}} \
--protocol {{protocol}} \
--port 25 \
--cidr {{0.0.0.0/0 or ::/0}}
- Optionally, run the authorize-security-group-ingress command to create a new rule that specifies a trusted CIDR range instead of 0.0.0.0/0.
- Confirm the change by describing the security group again and checking that the unrestricted rule has been removed or restricted. The query below matches only rules whose FromPort is exactly 25 and lists only IPv4 ranges, so also review any port range that covers 25, any all-traffic (IpProtocol -1) rule, and the Ipv6Ranges of each rule:
aws ec2 describe-security-groups \
--region {{region-name}} \
--group-ids {{security-group-id}} \
--query 'SecurityGroups[*].IpPermissions[?FromPort==`25`].{CIDR:IpRanges[*].CidrIp,Port:FromPort}'
- Test the applications that depend on SMTP to confirm they are unaffected by the change.
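The verification step above can be run over the JSON that describe-security-groups prints. This added example (not code from the original page) checks every inbound rule for exposure of port 25 to 0.0.0.0/0 or ::/0, including port ranges that cover 25 and all-traffic rules, which the FromPort==25 query alone would miss; the security group JSON and its group id are constructed sample data.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# It mixes an exact port-25 rule, a range covering 25, an all-traffic IPv6
# rule and a rule already scoped to a trusted CIDR (all values invented).
SAMPLE_OUTPUT = json.dumps({
    "SecurityGroups": [{
        "GroupId": "sg-0123456789abcdef0",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 25, "ToPort": 25,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 30,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "-1",
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            {"IpProtocol": "tcp", "FromPort": 25, "ToPort": 25,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        ],
    }]
})

UNRESTRICTED = {"0.0.0.0/0", "::/0"}
SMTP_PORT = 25


def rule_covers_port(perm, port):
    """True if an inbound rule permits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def unrestricted_smtp_rules(describe_json, port=SMTP_PORT):
    """List (group id, protocol, from, to, cidr) for rules that still expose `port` to the world."""
    findings = []
    for group in json.loads(describe_json)["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            if not rule_covers_port(perm, port):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in UNRESTRICTED:
                    findings.append((group["GroupId"], perm["IpProtocol"],
                                     perm.get("FromPort"), perm.get("ToPort"), cidr))
    return findings


if __name__ == "__main__":
    for finding in unrestricted_smtp_rules(SAMPLE_OUTPUT):
        print("STILL OPEN:", finding)
```

Pipe the real describe-security-groups output into `unrestricted_smtp_rules`; an empty list means the remediation held.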