Educause Security Discussion mailing list archives

Re: Port 25 blocking


From: Michael Halm <Michael.Halm () CCMAIL NEVADA EDU>
Date: Fri, 5 Mar 2004 11:29:11 -0800

We are not blocking port 25. But we are redirecting port 25 traffic that
does not originate with our list of authorized e-mail servers. We are
doing this, of course, in response to the proliferation of variants of
malware that installs an SMTP engine on the infected machine.

The purpose of the redirect is to inform us of the new SMTP servers. The
box that gets the redirected traffic simply logs port 25 activity and
reports the hosts to us daily. We identify each machine and contact the
owner, since in every case we need either to open a Help Desk ticket to
disinfect the PC or else to authorize the server and add it to our allowed
list.

Michael Halm, CISSP
Network Operations Center
University of Nevada Las Vegas
4505 Maryland Parkway
Las Vegas Nv  89154
702-895-0726




Tim Boshart <timsb () GOSHEN EDU>
Sent by: The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
03/05/2004 11:10 AM
Please respond to The EDUCAUSE Security Discussion Group Listserv


        To:     SECURITY () LISTSERV EDUCAUSE EDU
        cc:
        Subject:        [SECURITY] Port 25 blocking


Our department has started to discuss blocking port 25 at our firewall
for all machines except for our mail servers. How many places are doing
this? Why did you implement this?
--
Tim S. Boshart             Information Technology Services
Goshen College             Voice: (574) 535-7004
Email: timsb () goshen edu    http://timlinux.goshen.edu/

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
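
The daily report described in the reply above (redirected port 25 traffic logged, then hosts reported each day) could be produced along these lines. This is an added example, not code from the thread or from UNLV; the log format, the addresses, and the names AUTHORIZED, SAMPLE_LOG and daily_report are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the allowed list of mail servers (constructed, RFC 5737 addresses).
AUTHORIZED = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.24/29")]

# Constructed sample of what the logging box might record for redirected
# connections: timestamp, source host, intended destination, destination port.
SAMPLE_LOG = """\
2004-03-05T02:14:07 src=192.0.2.77 dst=198.51.100.5 dport=25
2004-03-05T02:14:09 src=192.0.2.77 dst=203.0.113.9 dport=25
2004-03-05T02:15:30 src=192.0.2.77 dst=203.0.113.40 dport=25
2004-03-05T09:01:12 src=192.0.2.130 dst=198.51.100.5 dport=25
2004-03-05T09:05:00 src=192.0.2.26 dst=198.51.100.5 dport=25
2004-03-05T10:00:00 src=192.0.2.77 dst=198.51.100.5 dport=80
garbage line that should be skipped
"""

def daily_report(log_text):
    """Return (host, connections, distinct_dsts, first, last, on_allowlist) rows."""
    hosts = defaultdict(lambda: {"n": 0, "dst": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        parts = line.split()
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        if fields.get("dport") != "25" or "src" not in fields:
            continue  # not SMTP, or a malformed line
        try:
            src = ipaddress.ip_address(fields["src"])
        except ValueError:
            continue  # unparseable source address
        h = hosts[str(src)]
        h["n"] += 1
        h["dst"].add(fields.get("dst"))
        h["first"] = h["first"] or parts[0]
        h["last"] = parts[0]
    rows = [
        (ip, h["n"], len(h["dst"]), h["first"], h["last"],
         any(ipaddress.ip_address(ip) in net for net in AUTHORIZED))
        for ip, h in hosts.items()
    ]
    return sorted(rows, key=lambda r: (-r[1], r[0]))  # busiest hosts first

if __name__ == "__main__":
    for ip, n, dsts, first, last, listed in daily_report(SAMPLE_LOG):
        note = "on allowed list but redirected: check the rule" if listed else "unlisted"
        print(f"{ip:<15} conns={n} distinct_dst={dsts} first={first} last={last} {note}")
```

A host that is on the allowed list yet still shows up in the log means the redirect rule and the list are out of sync, so the report flags it instead of dropping it.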


