Security Basics mailing list archives
RE: SMTP behind NAT
From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Wed, 6 May 2009 10:51:00 +1000
Ahh, now I'm beginning to understand
I personally use a VPN connection to send my mail. I was just wondering what could be the point in enforcing these firewall rules.
Well, if it were my network then I would also want to control, filter and monitor egress as well as ingress. But then I have become more paranoid in my old age. Even at home I do that-I filter both ingoing and outgoing. One reason being that I want to make sure that if Trojans etc are active in my network then I have a greater chance of noticing and taking appropriate action. I guess at heart I'm a 'default deny' type of guy. If I just had an 'allow-outgoing-any to any' type of rule then I couldn't track any potential problems. Also, I wouldn't fancy letting an smtp server be an open relay from behind a network either but that's because I can't see a business case for it where I am. Perhaps there is a 'college/student' case for it where you are(?) To be honest, I'm now wondering why they would block access to external smtp servers if they allow their own one to be an open relay. Not really sure what the overall stance is aiming for. If they're aiming for convenience(like with the open relay) then why not allow you to access some other servers on 25? I'd be interested in their answer if you ever get one. Maybe they had some default rules and just never really modified them? Or it's easy for them to do what they need and they don't care too much about the students? All conjecture on my part. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- SMTP behind NAT Georg Pichler (May 01)
- RE: SMTP behind NAT Michael.Randazzo (May 01)
- Re: SMTP behind NAT Laurens Vets (May 01)
- Message not available
- Re: SMTP behind NAT Georg Pichler (May 04)
- Re: SMTP behind NAT Aaron Howell (May 04)
- RE: SMTP behind NAT Murda Mcloud (May 05)
- Re: SMTP behind NAT Georg Pichler (May 06)
- RE: SMTP behind NAT Murda Mcloud (May 06)
- RE: SMTP behind NAT David Gillett (May 07)
- RE: SMTP behind NAT Murda Mcloud (May 07)
- RE: SMTP behind NAT Tariq Naik (May 08)
- Re: SMTP behind NAT bartlettNSF (May 11)
- Re: SMTP behind NAT Georg Pichler (May 04)
- <Possible follow-ups>
- Re: SMTP behind NAT Rob Taylor (May 01)
- Re: SMTP behind NAT krymson (May 07)