Re: Outbound SMTP

[Don Nightingale <dnightin () WELLESLEY EDU>]

Stephen John Smoogen wrote:
> Michael Van Norman wrote:
> > A researcher on your campus is developing an application that uses
> > e-mail and incorporates its own MTA.  A port 25 block breaks that.
> > That to me is a problem with network usability, not an extreme position.
> Then you have a process where the researcher requests for that port to
> be open for that service. Other researchers have to make requests for
> chemicals, biological agents, requests for review, etc. This is just
> an additional process.
If there's a valid reason to open a port, we'll most likely do it.  We
did have something similar happen actually.  A professor needed
"hands-off" full internet access for his students for the duration of
his course.  We set his lab up on a new vlan and gave him what he asked
for.  After the course was over we removed the vlan and re-imaged the
lab machines.
> The number of researchers who are needing port openings are much less
> than the number of student machines with spam-bots on them. And in
> some states, locations, etc because they are personal property, the sta
Also, blocking unknown outbound SMTP traffic at the firewall  allows us
to syslog the ACL and immediately identify systems that have been
potentially compromised.

--

Don Nightingale
Systems and Networks Manager
Wellesley College
781-283-3271