Educause Security Discussion mailing list archives
Re: Blocking port 25 outbound
From: "Kenneth G. Arnold" <bkarnold () CBU EDU>
Date: Tue, 23 Aug 2005 11:10:30 -0500
Except for traffic coming from the official university mail servers, we have blocked all outbound traffic destined for port 25 for several years now. The Klez virus was the main reason originally for doing this. Once a machine got infected, it started to send out massive amounts of email. Blocking this port prevented the infected machine from spreading the virus outside of the campus. I set up a rule in Snort to detect any attempt to send email off campus from unauthorized machines and then snort gave me a list of the potentially infected machines. The reason today is primarily to prevent spam from leaving the campus. The unix machines are set up as null clients to relay any email they generate to the central email server for processing. The central server checks the email for viruses/worms and then sends it out while logging everything. This doesn't prevent spam from being sent but at least it makes a record of which machine is doing it. We have also blocked all incoming traffic destined for port 25 except for traffic to our official university mail server. This stopped machines on our campus from being blacklisted. Incoming email is checked for spam and checked for viruses/worms using two different antivirus programs. At 02:29 PM 8/22/2005, you wrote:
Hello out there, We are considering blocking all port 25 traffic outbound. We have noted various ISP's and others moving to block port 25 outbound to reduce "spamming". We wish to be good "netizens" Have any of you done this already and what has been the push back of issues related to implementation on your campus? Regards, Joseph A. Lazor Florida Sate University
Brother Kenneth Arnold System Administrator Information Technology Services Christian Brothers University (901) 321-4333
Current thread:
- Re: Blocking port 25 outbound, (continued)
- Re: Blocking port 25 outbound Christopher E. Cramer (Aug 22)
- Re: Blocking port 25 outbound Jason Richardson (Aug 22)
- Re: Blocking port 25 outbound Scott Genung (Aug 22)
- Re: Blocking port 25 outbound Matthew Keller (Aug 22)
- Re: Blocking port 25 outbound Information Security (Aug 22)
- Re: Blocking port 25 outbound Michael Sinatra (Aug 22)
- Re: Blocking port 25 outbound John Kristoff (Aug 22)
- Re: Blocking port 25 outbound Chris Steele (Aug 22)
- Re: Blocking port 25 outbound Orlando Richards (Aug 23)
- Re: Blocking port 25 outbound Paul Russell (Aug 23)
- Re: Blocking port 25 outbound Kenneth G. Arnold (Aug 23)