Port 25 blocks

[Jim Barlow <jbarlow () NCSA UIUC EDU>]

Our site currently blocks port 25 inbound to all hosts except our mail
servers.  We are now looking at blocking outbound port 25 as well.
The reason for this is to control any internal host that might
be infected with a virus and starts sending out SPAM or other virus
email which wouldn't pass through our mail server and get caught.
This could also serve to alert us when an internal host is infected with
something.

The problem with this is that there are a number of people who have
machines (laptops primarily) configured to do SMTP with their home cable
modem/DSL company.  They don't want to have to have two configurations
to deal with (one for work, one for home) and we would like to come up
with a solution that would affect the least amount of people.  We could
have them use our SMTP servers all the time, but they are then required
to POP before SMTP in order for our email servers to relay mail from
an outside IP (just FYI, we do require non-cleartext POP auths :-).
This will work for some, but there are other cases where it won't.
Another possible solution would be for the routers to re-write headers for
anything outbound to port 25 to send it through the mail server.  However,
I don't know if this has been done, or currently is being done anywhere.

So we are wondering if anyone else currently blocks port 25 outbound
and what they did to solve some of these problems.

Thanks in advance.


--
James J. Barlow   <jbarlow () ncsa uiuc edu>
Head of Security Operations and Incident Response
National Center for Supercomputing Applications    Voice : (217)244-6403
605 East Springfield Avenue   Champaign, IL 61820   Cell : (217)840-0601
http://www.ncsa.uiuc.edu/~jbarlow                    Fax : (217)244-1987

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.