Educause Security Discussion mailing list archives

Re: Port 25 blocks

From: Jon Mitchiner <jon.mitchiner () GALLAUDET EDU>
Date: Wed, 12 Jan 2005 17:19:47 -0500

If you are blocking port 25, or you are considering blocking port 25, I
strongly suggest that you have a method in place to monitor any device
that is trying to send e-mails through unauthorized servers.  This is
important, in my opinion, to be able to identify which client(s) may
have viruses on their computer so you can take appropriate action on
those computers.

If something is trying to send emails 100,000s of times a day, there's a
good chance it is infected.

It probably wont be too long before there are viruses that hijack the
SMTP AUTH information from commonly used e-mail programs such as
Outlook, Outlook Express.  Blocking port 25 may not be effective in the
future because more ISPs and Universities are requiring SMTP AUTH to
send e-mails.

Jon Mitchiner
Gallaudet University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Port 25 blocks Jim Barlow (Jan 12)
- <Possible follow-ups>
- Re: Port 25 blocks Justin Azoff (Jan 12)
- Re: Port 25 blocks Gary Dobbins (Jan 12)
- Re: Port 25 blocks Rob Tanner (Jan 12)
- Re: Port 25 blocks Dave Koontz (Jan 12)
- Re: Port 25 blocks Jon Mitchiner (Jan 12)
- Re: Port 25 blocks Chris Edwards (Jan 12)