Educause Security Discussion mailing list archives

Re: Blocking port 25 outbound


From: Information Security <infosecurity () UTPA EDU>
Date: Mon, 22 Aug 2005 15:05:56 -0500

Lazor, Joseph wrote:

Hello out there,

We are considering blocking all port 25 traffic outbound.  We have
noted various ISPs and others moving to block port 25 outbound to
reduce "spamming".  We wish to be good "netizens".

Have any of you done this already and what has been the push back of
issues related to implementation on your campus?


No pushback, wish we'd done it years ago.  What was harder to organise
was blocking incoming port 25 except to supported mail servers.  We're
doing that one at the end of this month in fact.  You'd have thought
that would have been the easier one to arrange...

You do need to set up a sniffer and monitor for *attempted* outbound
port 25 connections.  Almost always is an indication of a virus.  Very
occasionally it's a student suckered into a 'spammer for hire' scheme.
Only a few will be misconfigured road-warrior portables trying to send
to their own ISPs.  Hopefully as time goes on, those machines will be
configured to use the alternative ports which the authenticated SMTP
connections prefer.

No point in monitoring for *incoming* port 25 attempts, you'd spend the
rest of your life following them up.  Spammer bots scan your IP range
all the damn time looking for badly configured machines to relay
through.

Graham
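
The monitoring step described in the message above, as an added example that is not part of the original post: it triages attempted outbound port 25 connections per campus host. The campus range, approved relay, log layout and the distinct-destination threshold used to separate "probably infected" from "probably a misconfigured mail client" are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the original post): campus range, approved relay,
# the one-line-per-SYN log layout and the threshold are all constructed.
CAMPUS_NET = ipaddress.ip_network("10.20.0.0/16")
APPROVED_RELAYS = {"10.20.1.25"}
MANY_DESTINATIONS = 3  # distinct external MTAs before a host looks like a mass mailer

SAMPLE_LOG = """\
2005-08-22T15:00:01 SYN tcp 10.20.4.17:1044 -> 192.0.2.10:25
2005-08-22T15:00:02 SYN tcp 10.20.4.17:1045 -> 198.51.100.7:25
2005-08-22T15:00:02 SYN tcp 10.20.4.17:1046 -> 203.0.113.99:25
2005-08-22T15:01:10 SYN tcp 10.20.9.50:2201 -> 198.51.100.25:25
2005-08-22T15:06:10 SYN tcp 10.20.9.50:2207 -> 198.51.100.25:25
2005-08-22T15:07:00 SYN tcp 10.20.1.25:4100 -> 192.0.2.44:25
2005-08-22T15:08:00 SYN tcp 10.20.9.50:2210 -> 198.51.100.25:587
"""

def parse_line(line):
    """Return (src_ip, dst_ip, dst_port), or None for lines that do not match."""
    parts = line.split()
    if len(parts) != 6 or parts[1] != "SYN" or parts[2] != "tcp" or parts[4] != "->":
        return None
    try:
        src, _ = parts[3].rsplit(":", 1)
        dst, dport = parts[5].rsplit(":", 1)
        return ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
    except ValueError:
        return None

def triage(log_text):
    """Map each non-relay campus host to (attempts, distinct destinations, label)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2] != 25:
            continue  # malformed line, or not SMTP on port 25 (e.g. 587)
        src, dst, _ = rec
        if src not in CAMPUS_NET or dst in CAMPUS_NET or str(src) in APPROVED_RELAYS:
            continue  # only campus -> outside traffic from unapproved hosts matters
        seen[str(src)].append(str(dst))
    report = {}
    for host, dsts in seen.items():
        distinct = len(set(dsts))
        label = "likely-infected" if distinct >= MANY_DESTINATIONS else "check-mail-client"
        report[host] = (len(dsts), distinct, label)
    return report
```
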

