Educause Security Discussion mailing list archives

Re: Blocking port 25 outbound


From: Information Security <infosecurity () UTPA EDU>
Date: Mon, 22 Aug 2005 15:27:09 -0500

Michael Halm wrote:

> We don't exactly block port 25. We have a list of authorized mail
> servers. If any other host sends on port 25, the traffic is forwarded
> to our box and an e-mail is sent to the sender explaining the
> procedure to get their mail server authorized. Our NOC is notified and
> we sniff to see if the mail is spam. Then we track down and contact
> the owner of the box.
>
> We made an initial effort to identify all our smtp servers before we
> went live. Once we added the few we missed this system has made our
> lives a lot easier. And we are better netizens as well.


How do you do the forwarding? I'd like to do that. Is it possible
with just a plain Cisco router?

(We tried this two years back with our lightspeed device, but it was too
buggy - the final packet of every TCP connection never got ACK'd and the
entire exchange would re-send, overflowing our mail queues :-( Didn't
know enough about how to use the Cisco to do it instead.)

Graham
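
Added example, not part of the original messages and not either poster's own tooling: the policy decision described in the quoted message (authorized mail servers pass, any other campus host sending outbound on TCP port 25 is redirected and reported to the NOC), run over flow records. The addresses, the record format, the function names and the choice to treat mail sent to campus addresses as not outbound are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed values (documentation address ranges), not from the original post.
CAMPUS_NET = ipaddress.ip_network("198.51.100.0/24")
AUTHORIZED_MAIL_SERVERS = [ipaddress.ip_network(n)
                           for n in ("198.51.100.10/32", "198.51.100.16/30")]

# Constructed flow records: "timestamp src_ip dst_ip protocol dst_port"
SAMPLE_FLOWS = """\
2005-08-22T15:01:02 198.51.100.10 203.0.113.5 tcp 25
2005-08-22T15:01:03 198.51.100.77 203.0.113.5 tcp 25
2005-08-22T15:01:04 198.51.100.77 203.0.113.9 tcp 25
2005-08-22T15:01:05 198.51.100.77 203.0.113.9 tcp 80
2005-08-22T15:01:06 198.51.100.18 203.0.113.7 tcp 25
2005-08-22T15:01:07 198.51.100.90 198.51.100.10 tcp 25
2005-08-22T15:01:08 198.51.100.91 203.0.113.7 udp 25
malformed line
"""

def classify(src, dst, proto, port):
    """Return 'pass' or 'redirect' for one flow under the allowlist policy."""
    if proto != "tcp" or port != 25:
        return "pass"                  # not SMTP
    if src not in CAMPUS_NET or dst in CAMPUS_NET:
        return "pass"                  # assumption: only campus-to-outside mail counts
    if any(src in net for net in AUTHORIZED_MAIL_SERVERS):
        return "pass"                  # sender is on the authorized list
    return "redirect"                  # forward to the intercept box, notify the NOC

def unauthorized_senders(flow_text):
    """Map each unauthorized sender to the set of outside hosts it tried to reach."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        try:
            _, src, dst, proto, port = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue                   # skip malformed records
        if classify(src, dst, proto.lower(), port) == "redirect":
            hits[str(src)].add(str(dst))
    return dict(hits)

if __name__ == "__main__":
    for host, dests in sorted(unauthorized_senders(SAMPLE_FLOWS).items()):
        print(f"{host}: {len(dests)} outside SMTP destination(s): {sorted(dests)}")
```

The per-host destination sets give the NOC a starting point for deciding which boxes to track down first; whether the redirected mail is spam still has to be judged from the traffic itself.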

