Educause Security Discussion mailing list archives
Re: blocking port 25 at the border?
From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 23 Aug 2007 18:03:30 -0400
Bob, We're set up much like Mark described below and have been for a similar amount of time. There is no set policy or procedure for exceptions but there has been only one request for the past several years so it hasn't been an issue. I can't recall what we went through to implement the change. We did not have very many independent email servers at the time so that helped a lot. We grandfathered the ones we could identify through the policy change and they've slowly come into the fold over time. The change may also have coincided with the introduction of a new mail system which might have helped client migration. P.S. Regarding the Storm worm SPAM follow up question I introduced. I apologize for changing the subject of the thread without actually changing the subject line. I try not to do that. Mark Borrie wrote:
We have managed port 25 at the border for about 8 years. Only central mailhubs are visible from outside. No local systems can send out on 25. All mail domains are centrally registered and MXed to the incoming hubs, which then route mail onto the mail servers. Registered services smart relay outgoing mail to the outwards hub service. Local clients must use an on campus smtp host. We initially set this up to stop open relays and other problems with unpatched sendmail servers. Now virus and spam management are the prime drivers. Interestingly, we are not seeing any impact from the Storm worm. Our spam system must be catching the majority of the incoming and we are not seeing locally infected systems (they could be there but they cant send out and are probably trying to send directly anyway). Mark Bob Bayn wrote:Do you regulate port 25 at the border? If so, what is your procedure for allowing an exception (for a legit email server)? What administrative approvals were required at your institution before you could regulate port 25? Bob Bayn IT Security Team Utah State University Logan, UT
-- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- blocking port 25 at the border? Bob Bayn (Aug 23)
- <Possible follow-ups>
- Re: blocking port 25 at the border? Mark Borrie (Aug 23)
- Re: blocking port 25 at the border? Gary Flynn (Aug 23)
- Re: blocking port 25 at the border? Randy Marchany (Aug 23)
- Re: blocking port 25 at the border? Gary Flynn (Aug 23)
- Re: blocking port 25 at the border? Dave Koontz (Aug 23)
- Re: blocking port 25 at the border? H. Morrow Long (Aug 23)
- Re: blocking port 25 at the border? Mark Borrie (Aug 23)
- Re: blocking port 25 at the border? Kenneth Arnold (Aug 23)
- Re: blocking port 25 at the border? Lutzen, Karl F. (Aug 23)
- Re: blocking port 25 at the border? Matthew Keller (Aug 23)
- Re: blocking port 25 at the border? Curt Wilson (Aug 24)