2 Most Common Firewall Configuration Errors

In my experience dealing with email security and mail server configurations, I have seen many cases where administrators inadvertently commit basic mistakes that cause hours — and occasionally days — of delays. Nobody is perfect, but some errors come at a higher cost, especially when the proper operation of several critical systems depends on correctly configured elements. End users are usually the first to complain, often before you even realize there’s a problem — and in some cases, it’s the CEO raising the alarm, increasing the pressure to fix things fast.

The two major mistakes I often encounter when reviewing firewall configurations are:

1. Creating an “any to any” Access Rule

With an “any to any” rule in place, you’re essentially using a firewall that provides no meaningful protection. I’ve seen this rule placed at the top of the list, rendering more specific rules below it ineffective. I’ve also worked with customers who believed they had a secure environment, only to find an “any to any” rule buried at the bottom of their firewall policies. In other situations, I’ve troubleshot issues where new rules weren’t functioning, and almost every time, it was due to an “any to any” rule listed above the intended one. Before creating a new rule, I always test the expected outcome using the existing firewall configuration. Then I implement the rule and test again to confirm it works as planned. It’s crucial to check the rule order, because a firewall stops evaluating once it finds a match and skips all subsequent rules. Missteps like this weaken overall security and can leave systems exposed to threats, including gaps in malware protection.

2. Misconfigured Email Servers and Firewall Settings

This is another frequent issue, especially for organizations using an email service provider (ESP) for filtering. Users often report that the ESP isn’t filtering spam effectively, when the real problem lies in the firewall setup. Running an nslookup on the domain often reveals a leftover MX record still pointing directly to the internal mail server. Spammers exploit this to bypass the ESP. I’ve also seen firewalls configured to accept SMTP traffic on port 25 from any source, when ideally only the ESP should be allowed to deliver email. These oversights create openings for phishing, email spoofing, and email impersonation, particularly in environments that haven’t fully implemented email authentication tools such as DMARC, OnDMARC, or Proofpoint Essentials. Without these protections, threats can pass through unchecked, which increases risk even in environments with Office 365 email security in place.
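The following is an added example, not code from the original post: a small Python audit of an ordered rule list under the first-match evaluation described in both sections above. It flags an allow "any to any" rule, rules that can never fire because an earlier rule covers them, and port 25 allow rules whose source is not limited to the ESP. The `Rule` model, rule names, and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"
net = ipaddress.ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    src: str               # CIDR; ANY matches every source
    dst: str               # CIDR; ANY matches every destination
    port: Optional[int]    # None matches every port

def covers(a, b):
    """True when rule a matches every packet that rule b matches."""
    return (net(b.src).subnet_of(net(a.src)) and net(b.dst).subnet_of(net(a.dst))
            and (a.port is None or a.port == b.port))

def first_match(rules, src, dst, port):
    """Evaluate top-down and stop at the first matching rule."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in net(r.src) and d in net(r.dst) and r.port in (None, port):
            return r
    return None  # no match: the device's default action applies

def audit(rules, esp_cidrs):
    """Return (kind, rule, detail) findings for an ordered rule list."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "allow" and (r.src, r.dst, r.port) == (ANY, ANY, None):
            findings.append(("any-to-any", r.name, f"position {i + 1}"))
        blocker = next((e for e in rules[:i] if covers(e, r)), None)
        if blocker:
            findings.append(("shadowed", r.name, f"by {blocker.name}"))
        from_esp = any(net(r.src).subnet_of(net(c)) for c in esp_cidrs)
        if r.action == "allow" and r.port == 25 and not from_esp:
            findings.append(("smtp-not-esp-only", r.name, f"source {r.src}"))
    return findings

# Constructed sample policy (RFC 5737 documentation addresses).
ESP, MAIL = ["198.51.100.0/24"], "192.0.2.25/32"  # assumed ESP range, mail server
POLICY = [
    Rule("allow-all", "allow", ANY, ANY, None),
    Rule("smtp-from-esp", "allow", ESP[0], MAIL, 25),
    Rule("block-other-smtp", "deny", ANY, MAIL, 25),
]
```

Calling `audit(POLICY, ESP)` reports the "any to any" rule and both rules it shadows; `first_match` shows which rule a given packet actually hits before and after the rule order is corrected.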

These are some of the most common — and most preventable — issues I encounter when reviewing firewall setups. Remember: a misconfigured firewall is no better than having no firewall at all.
