Educause Security Discussion mailing list archives
Re: Blocking port 25 outbound
From: Paul Russell <prussell () ND EDU>
Date: Tue, 23 Aug 2005 10:13:08 -0500
We block outbound port 25 traffic at the network border, with the exception of traffic from the central mail servers and known departmental mail servers. Systems in ResNet are required to use SSL/TLS and SMTPAUTH to send mail through the central mail servers, and we are expanding this restriction to the rest of our network. We maintain a 'whitelist' of systems which are allowed to use non-secure anonymous SMTP, to accommodate faculty and staff using mission-critical software which does not support SSL/TLS and/or SMTPAUTH.

Our InfoSec staff monitors the network for 'rogue MTAs', and the Messaging Services staff monitors the central mail servers for local systems with excessive SMTP rejects.

We began implementing these measures approximately two years ago, to address the problem of zombie systems in our network being exploited to send spam and/or virus traffic. Blocking outbound port 25 stopped direct-to-MX traffic, and mandatory SMTPAUTH stopped the zombies from relaying through the central mail servers.

When the use of port 25 blocks and mandatory SMTPAUTH becomes widespread, the spamware and virus authors will find ways to circumvent those restrictions.

--
Paul Russell
Senior Systems Administrator
OIT Messaging Services Team
University of Notre Dame
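An added example, not part of the original post and not Notre Dame's tooling: a sketch of the 'rogue MTA' check the message describes, flagging campus hosts outside the allow list that open port 25 connections to off-campus addresses. The flow record format, the network ranges, and every address are constructed assumptions (RFC 5737 documentation ranges).

```python
import ipaddress
from collections import defaultdict

# Assumed campus ranges and allow list; all addresses are constructed.
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("198.51.100.0/24")]
ALLOWED_SENDERS = {
    ipaddress.ip_address("192.0.2.10"),     # central mail server (assumed)
    ipaddress.ip_address("192.0.2.11"),     # central mail server (assumed)
    ipaddress.ip_address("198.51.100.25"),  # departmental mail server (assumed)
}

# Constructed flow records, one per line: "src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
192.0.2.10 203.0.113.5 25
198.51.100.77 203.0.113.5 25
198.51.100.77 203.0.113.9 25
198.51.100.77 203.0.113.40 25
198.51.100.80 192.0.2.10 587
198.51.100.81 192.0.2.10 25
198.51.100.90 203.0.113.5 443
not a flow line
"""

def is_campus(addr):
    return any(addr in net for net in CAMPUS_NETS)

def find_rogue_senders(flow_text):
    """Map each non-allow-listed campus host to the off-campus hosts it contacted on port 25."""
    rogue = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except ValueError:
            continue
        if port != 25 or not is_campus(src) or is_campus(dst):
            continue  # only SMTP that crosses the border outbound matters here
        if src not in ALLOWED_SENDERS:
            rogue[str(src)].add(str(dst))
    return dict(rogue)

if __name__ == "__main__":
    for src, dsts in sorted(find_rogue_senders(SAMPLE_FLOWS).items()):
        print(f"{src}: port 25 attempts to {len(dsts)} off-campus hosts")
```

A host that shows many distinct off-campus destinations here matches the direct-to-MX pattern the message attributes to zombie systems; traffic to the central servers on port 25 or 587 is deliberately left out of this check.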