Educause Security Discussion mailing list archives
Re: Blocking port 25 outbound
From: Information Security <infosecurity () UTPA EDU>
Date: Mon, 22 Aug 2005 16:57:19 -0500
Randy Marchany wrote:

>> We are considering blocking all port 25 traffic outbound. We have noted
>> various ISPs and others moving to block port 25 outbound to reduce
>> spamming. We wish to be good netizens.
>
> Oh my. So, you're going to ban all email from any machine on campus thereby forcing all email to be handled by a central group of email servers?

I'm not going to touch that one because I know a religious war when I see one :-) Let's just say that the rest of this discussion only applies to people who think the above is A Good Thing. Anyone who doesn't approve doesn't have to implement it.

> This means that your email servers should have anti-spam and anti-virus filters.

Absolutely. Why should only incoming mail have all the fun? Although I'd just filter viruses; anti-spam isn't reliable enough to block outgoing based on content, but what you *can* do is:

1) put in a quarantine based on content and alert someone to check, if you're willing to allow your admins to look at outgoing mail. (We generally try to avoid mail solutions that require a man in the loop)
2) throttle outgoing mail based on volume and/or content (taking care for official mass mailings and listservs etc)
3) reject all outgoing mail that does not have an allowed sender domain, which you should also have a policy to support.

> Unix systems that have their own mail servers won't be able to send outbound email.

Actually you can if you redirect all outgoing port 25 to your central mail server; it should go through transparently but get the benefit of whichever from 1-3 above you decide to implement.

> What about systems that will relay mail through your email servers to the outside world? How will you rate flow that?

Look around on the net. Lots of solutions.

> I can see why ISPs would do that (commercial site) but I can't see a good reason for a university to do that. Why not train your sysadmins how to configure an email server correctly or provide some tools to do so?

I can't see why a university is different from an ISP. In fact we probably have more misbehaving customers than the ISPs do (and they're often harder to track down). And if we could train all the sysadmins to acceptable standards we wouldn't be having this discussion in the first place. The problem is that idiot software like IIS makes it easy for anyone to be an 'admin' whether they are competent or not. I've found many IIS servers running SMTP, FTP, etc etc that the system owner wasn't even aware of. (That's why we do campus-wide scans and follow up on what we find) In other words many 'sysadmins' are actually users who've turned on a service by accident.

> -r.

G
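
Options 2 and 3 from the reply above (volume throttling with an exemption for mass-mail hosts, and rejecting senders outside the allowed domains), sketched as the decision a central relay could make per message. This is an added example, not part of the original post; the domain, IP addresses, limits, the null-sender handling and the `OutboundPolicy` name are all assumptions.

```python
from collections import defaultdict, deque

# All values below are assumptions for illustration, not from the post.
ALLOWED_SENDER_DOMAINS = {"example.edu"}   # domains the campus may send as
EXEMPT_CLIENTS = {"10.0.0.25"}             # listserv / official mass-mail host
MAX_MSGS, WINDOW_SECONDS = 3, 60           # tiny limit so the demo trips it


class OutboundPolicy:
    """Decide OK / DEFER / REJECT for mail arriving at the central relay."""

    def __init__(self):
        self._recent = defaultdict(deque)  # client IP -> accept timestamps

    def check(self, client_ip, mail_from, now):
        # Option 3: the envelope sender must be in an allowed domain.
        # The null sender "" (bounces) is let through; that is an assumption.
        if mail_from:
            local, at, domain = mail_from.rpartition("@")
            if not at or not local or domain.lower() not in ALLOWED_SENDER_DOMAINS:
                return "REJECT"
        # Option 2: throttle by volume, exempting known mass mailers.
        if client_ip in EXEMPT_CLIENTS:
            return "OK"
        recent = self._recent[client_ip]
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()               # forget accepts outside the window
        if len(recent) >= MAX_MSGS:
            return "DEFER"                 # temporary failure; sender retries
        recent.append(now)
        return "OK"


# Constructed sample traffic: (client IP, envelope sender, time in seconds).
SAMPLE = [
    ("10.1.2.3", "alice@example.edu", 0),
    ("10.1.2.3", "alice@example.edu", 1),
    ("10.1.2.3", "alice@example.edu", 2),
    ("10.1.2.3", "alice@example.edu", 3),    # fourth message inside the window
    ("10.1.2.3", "promo@spam.invalid", 4),   # sender domain not allowed
    ("10.0.0.25", "news@example.edu", 5),    # exempt mass-mail host
    ("10.1.2.3", "alice@example.edu", 61),   # window has slid forward
    ("10.1.2.3", "", 62),                    # null sender, still throttled
]


def run_demo():
    policy = OutboundPolicy()
    return [policy.check(*event) for event in SAMPLE]


if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, run_demo()):
        print(event, "->", verdict)
```

A deferred message stays queued on the sending host, so a misconfigured or infected machine shows up as a growing queue and a run of DEFER verdicts rather than as delivered mail.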