Educause Security Discussion mailing list archives

Re: smtp redirection

From: Michael_Maloney <Michael_Maloney () MIDDLESEXCC EDU>
Date: Wed, 11 May 2005 11:47:14 -0400

We've blocked all inbound SMTP with the exception of our Barracuda, and
all outbound SMTP is blocked as well with the exception of our Exchange
box.  Works really well against the scan and spam bots I've seen coming
in from the outside, and also protects against students trying to make a
buck by trying to turn a PC into a spam bot

 

******************************************** 
Mike Maloney 
Sr. System Engineer 
Middlesex County College 
2600 Woodbridge Avenue 
Edison, NJ 08818 
Phone: 732-906-7754 
Cell: 908-217-2086 
Fax: 732-906-4266 
Email: Michael_Maloney () middlesexcc edu 
******************************************** 

________________________________

From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John
Sent: Tuesday, May 10, 2005 3:32 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] smtp redirection

 

Greetings All,

 

We are redirecting smtp traffic inbound to some campus mail servers via
MX records in our DNS to an anti-spam appliance (Bluecat Meridius) and
find some email circumvents the appliance apparently by using DNS IP
lookup for host resolution and not using MX records to send mail to mail
servers on our campus. The vendor recommends blocking inbound port 25 to
the campus mail servers from the internet. I favor this approach.
However the mail folks are concerned that some legitimate email may be
dropped this way.

 

For those of you who redirect email to an anti-spam device; how are you
doing this redirection and how are you dealing with the spammers who
circumvent the MX record approach?

 

Before changing MX records I set a route map on a router to redirect
smtp traffic to the Meridius but the IP destination headers did not have
the Meridius address so the appliance dropped the traffic. We run a
public class B and do not do NAT.

 

I very much appreciate your solutions, ideas, critiques and war stories.

 

Cheers,

 

John Garner

jgarner () sfasu edu

Stephen F. Austin State U

********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Re: smtp redirection, (continued)
- Re: smtp redirection Graham Toal (May 10)
- Re: smtp redirection Paul Russell (May 10)
- Re: smtp redirection Valdis Kletnieks (May 10)
- Re: smtp redirection Mark Borrie (May 10)
- Re: smtp redirection Valdis Kletnieks (May 10)
- Re: smtp redirection John (May 10)
- Re: smtp redirection Les LaCroix (May 10)
- Re: smtp redirection Mark Borrie (May 10)
- Re: smtp redirection David Shettler (May 10)
- Re: smtp redirection Chris Edwards (May 11)
- Re: smtp redirection Michael_Maloney (May 11)