Security Basics mailing list archives

RE: SMTP behind NAT


From: <Michael.Randazzo () energyfutureholdings com>
Date: Fri, 1 May 2009 09:57:57 -0500

Viruses that spread via e-mail used to rely on the infected machine's
default mail gateway to propagate messages. As e-mail server creators
and administrators have improved security, malware authors have changed
tactics and often simply create their own mini e-mail servers on
infected machines to distribute messages.

In a corporate network environment, it should be fairly easy to identify
the authorized e-mail servers. To protect your network from rogue mail
servers spreading viruses, you should block outbound traffic on TCP port
25, the default SMTP port, except from the known SMTP gateways at the
router level.

Mike

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Georg Pichler
Sent: Sunday, April 26, 2009 2:59 PM
To: security-basics () securityfocus com
Subject: SMTP behind NAT

Hi Guys.

I'm currently in a nat environment, where outbound connections to smtp and
smtps are blocked by a firewall. You are therefore forced (unless using vpn or
something alike) to send mail via a local smtp server. I was wondering whether
there is any sense in blocking these connections.
What does the administrator gain by forcing everybody to a local open smtp
server? Can you avoid being put on some kind of blacklist by these means?

I would very much appreciate an answer. Thanks in advance.

Best regards,
Georg Pichler
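
The egress rule described in the reply above (outbound TCP port 25 allowed only from the known SMTP gateways) can be audited from firewall logs. The following is an added example, not part of the original thread: it lists internal hosts other than the authorized gateways that attempt outbound SMTP, and whether any attempt was allowed. The gateway addresses, internal range and log format are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration (not from the original thread).
AUTHORIZED_GATEWAYS = {ipaddress.ip_address("10.0.0.25"), ipaddress.ip_address("10.0.0.26")}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample records: "timestamp src_ip dst_ip proto dst_port action"
SAMPLE_LOG = """\
2009-05-01T09:00:01 10.0.0.25 198.51.100.10 tcp 25 ALLOW
2009-05-01T09:00:02 10.0.4.17 203.0.113.5 tcp 25 DENY
2009-05-01T09:00:02 10.0.4.17 203.0.113.9 tcp 25 DENY
2009-05-01T09:00:03 10.0.4.17 198.51.100.77 tcp 25 DENY
2009-05-01T09:00:04 10.0.7.3 10.0.0.25 tcp 25 ALLOW
2009-05-01T09:00:05 10.0.9.40 192.0.2.80 tcp 443 ALLOW
2009-05-01T09:00:06 10.0.8.8 192.0.2.25 tcp 25 ALLOW
malformed line
"""

def rogue_smtp_sources(log_text):
    """Return {src_ip: {"destinations": set, "allowed": int}} for non-gateway hosts sending to external port 25."""
    findings = defaultdict(lambda: {"destinations": set(), "allowed": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records instead of failing the whole run
        _, src, dst, proto, port, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if proto != "tcp" or port != "25":
            continue  # only SMTP on the default port is in scope
        if src_ip not in INTERNAL_NET or dst_ip in INTERNAL_NET:
            continue  # clients relaying through the local gateway are expected
        if src_ip in AUTHORIZED_GATEWAYS:
            continue  # the known gateways are the only permitted external senders
        findings[src]["destinations"].add(dst)
        if action == "ALLOW":
            findings[src]["allowed"] += 1  # a connection got out: gap in the egress rule
    return dict(findings)

if __name__ == "__main__":
    for host, info in sorted(rogue_smtp_sources(SAMPLE_LOG).items()):
        state = "EGRESS GAP" if info["allowed"] else "blocked"
        print(f"{host}: {len(info['destinations'])} external SMTP peers, {state}")
```

A host with many distinct denied destinations is a candidate for the self-contained mail engine behaviour the reply describes; a host with allowed connections points to a missing or misordered filter rule.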
