Educause Security Discussion mailing list archives
Re: blocking port 25 at the border?
From: "H. Morrow Long" <morrow.long () YALE EDU>
Date: Thu, 23 Aug 2007 19:55:08 -0400
Bob Bayn -

We have managed port 25 (SMTP) at the border for about 2 years outbound and 3+ years inbound. Primarily system administrator managed mail servers are the systems transmitting and receiving SMTP on TCP port 25. There are a few exceptions and a formal procedure (and web form) exists for requesting an inbound or outbound exception.

There are quite a few more local e-mail systems but most of them have owners who have decided that they do not need to receive email directly on port 25 from the Internet nor xmit directly to Internet email servers. Therefore most internal servers have their DNS names and/or domains MXed to our public mail relay servers. The very few that don't have primarily policy-based reasons for requesting an exception (e.g. they can't be bound by our 20MB file size limit, anti-virus/anti-spam, etc.) & we allow these exceptions.

We blocked SMTP originally to cut down on spam complaints (both internal and external) generated by both "rogue" and "accidental" mail servers but the anti-spam/malware/phishing scanning funnel which now covers most of campus has proved to be even more valuable.

FYI - one way to distinguish between a Storm infected PC and a Skype node (both can generate a lot of UDP traffic to many IP #s on the Internet) is that a Skype node will usually be listening on 3 TCP ports - port 80, 443 and a random port above 1024. The service listening at these ports will usually answer a probe with string 'GET /' with the response: HTTP/1.0 501 Not Implemented

- H. Morrow Long, CISSP, CISM, CEH
University Information Security Officer
Director -- Information Security Office
Yale University, ITS

On Aug 23, 2007, at 5:08 PM, Bob Bayn wrote:
Do you regulate port 25 at the border?
If so, what is your procedure for allowing an exception (for a legit email server)?
What administrative approvals were required at your institution before you could regulate port 25?

Bob Bayn
IT Security Team
Utah State University
Logan, UT
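
The Skype-versus-Storm check described in the message above, written out as an added example (not code from the original post or from Yale). It probes a host on your own network with 'GET /' and tests for the 501 reply on ports 80, 443 and a high port; the function names, the CRLF terminator on the probe and the source of the candidate high ports are assumptions.

```python
import socket

# Status line quoted in the post as the usual reply from a Skype listener.
SKYPE_REPLY = b"HTTP/1.0 501 Not Implemented"


def answers_501(host, port, timeout=3.0):
    """Send the plain-text probe 'GET /' to host:port and report whether
    the reply starts with the 501 status line quoted in the post."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            # The post gives only the string 'GET /'; the CRLF CRLF
            # terminator is an assumption of this example.
            s.sendall(b"GET /\r\n\r\n")
            data = b""
            while len(data) < len(SKYPE_REPLY):
                chunk = s.recv(256)
                if not chunk:  # peer closed before a full status line
                    break
                data += chunk
    except OSError:  # closed, filtered, reset or timed out
        return False
    return data.startswith(SKYPE_REPLY)


def matches_skype_pattern(port_results):
    """port_results maps TCP port -> answers_501() result for one host.
    Pattern from the post: ports 80 and 443 plus at least one port
    above 1024 all give the 501 reply."""
    high = [p for p, ok in port_results.items() if ok and p > 1024]
    return bool(port_results.get(80) and port_results.get(443) and high)


def triage(host, high_ports, timeout=3.0):
    """high_ports: candidate listening ports above 1024 for this host,
    e.g. taken from flow records (where they come from is an assumption).
    The post says 'usually', so treat the result as a hint for the
    analyst, not a verdict."""
    results = {p: answers_501(host, p, timeout)
               for p in [80, 443, *high_ports]}
    if matches_skype_pattern(results):
        return "skype-like"
    return "needs-investigation"
```

A host that generates the heavy UDP traffic described in the message and comes back "needs-investigation" is the one to hand to incident response first.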