Security Basics mailing list archives
Re: SMTP behind NAT
From: Aaron Howell <aaron_howell () ngenuity-is com>
Date: Mon, 04 May 2009 11:08:35 -0700
Georg Pichler wrote:
> It would be convenient if I could send my mail directly - encrypted of course - via a mailserver of my choice.

Convenient for you, or convenient for whoever is in control of the network where you spend most of your free time?

> Apart from load balancing, what is the benefit of blocking this traffic? Mail servers on the web have to decide which mail to block and which one to let through anyway, don't they? If I force all mail through my SMTP server, don't I just make their problem my problem?

Load balancing really has very little to do with why people block port 25. The more common problem is PCs infected with some sort of malware trying to send spam or replicate their malware infections. By blocking port 25 they limit the avenues of attack, somewhat, making it easier to keep an eye on traffic. Egress filtering is the network admin's friend! Also, if I force most mail exiting my network through a single source, I can apply whatever content filtering I want to. This can be useful in blocking attachments, filtering blatant spam, etc. Certainly other mail servers make decisions regarding what to accept and what to reject, but if I can limit the garbage leaving my network, they don't have to work quite as hard.

> Best Regards, Georg

Hope this was helpful,
--
Aaron Howell
nGenuity Information Services
509-396-2075 x6000
http://www.ngenuity-is.com
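
The egress-filtering point in the reply above, as an added example that is not part of the original message: once outbound port 25 is dropped and logged for everything except the sanctioned relay, the drop log itself shows which internal PCs are trying to send mail directly. The relay address, the `EGRESS25` log prefix, the threshold and the sample lines are assumptions constructed for illustration; the field layout is an abridged form of the netfilter LOG target's key=value output.

```python
import re
from collections import defaultdict

RELAY = "192.168.1.10"   # assumption: the only host allowed to speak SMTP outbound
THRESHOLD = 3            # assumption: distinct destinations that make a host suspect

# Constructed sample of firewall log lines (abridged netfilter LOG fields).
SAMPLE_LOG = """\
May  4 11:02:13 gw kernel: EGRESS25 IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 PROTO=TCP SPT=49213 DPT=25 SYN
May  4 11:02:13 gw kernel: EGRESS25 IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=49214 DPT=25 SYN
May  4 11:02:14 gw kernel: EGRESS25 IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.90 PROTO=TCP SPT=49215 DPT=25 SYN
May  4 11:02:14 gw kernel: EGRESS25 IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.141 PROTO=TCP SPT=49216 DPT=25 SYN
May  4 11:03:40 gw kernel: EGRESS25 IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=192.0.2.25 PROTO=TCP SPT=50110 DPT=25 SYN
May  4 11:04:40 gw kernel: EGRESS25 IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=192.0.2.25 PROTO=TCP SPT=50111 DPT=25 SYN
May  4 11:05:02 gw kernel: EGRESS25 IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP SPT=41000 DPT=25 SYN
May  4 11:05:09 gw kernel: EGRESS25 IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.80 PROTO=TCP SPT=49300 DPT=443 SYN
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def parse(line):
    """Return (src, dst) for an outbound TCP/25 attempt, else None."""
    f = dict(FIELD.findall(line))
    if f.get("PROTO") == "TCP" and f.get("DPT") == "25" and "SRC" in f and "DST" in f:
        return f["SRC"], f["DST"]
    return None


def suspects(log_text, relay=RELAY, threshold=THRESHOLD):
    """Map each non-relay source to its count of distinct SMTP destinations.

    Heuristic: a mail client pointed at one outside server retries the same
    destination, while spam-sending malware contacts many different servers.
    """
    dests = defaultdict(set)
    for line in log_text.splitlines():
        hit = parse(line)
        if hit and hit[0] != relay:
            dests[hit[0]].add(hit[1])
    return {src: len(d) for src, d in dests.items() if len(d) >= threshold}


if __name__ == "__main__":
    for host, count in sorted(suspects(SAMPLE_LOG).items()):
        print(f"{host}: blocked SMTP attempts to {count} distinct servers")
```

Lowering the threshold to 1 also lists hosts such as a laptop whose mail client is simply configured for an outside SMTP server, which is a help-desk case rather than an infection.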