Educause Security Discussion mailing list archives

Re: Blocking port 25 outbound


From: "Kenneth G. Arnold" <bkarnold () CBU EDU>
Date: Tue, 23 Aug 2005 11:10:30 -0500

Except for traffic coming from the official university mail servers, we
have blocked all outbound traffic destined for port 25 for several years
now.  The Klez virus was the main reason originally for doing this.  Once
a machine got infected, it started to send out massive amounts of
email.  Blocking this port prevented the infected machine from spreading
the virus outside of the campus.  I set up a rule in Snort to detect any
attempt to send email off campus from unauthorized machines and then Snort
gave me a list of the potentially infected machines.  The reason today is
primarily to prevent spam from leaving the campus.  The unix machines are
set up as null clients to relay any email they generate to the central
email server for processing.  The central server checks the email for
viruses/worms and then sends it out while logging everything.  This doesn't
prevent spam from being sent but at least it makes a record of which
machine is doing it.

We have also blocked all incoming traffic destined for port 25 except for
traffic to our official university mail server.  This stopped machines on
our campus from being blacklisted.  Incoming email is checked for spam and
checked for viruses/worms using two different antivirus programs.

At 02:29 PM 8/22/2005, you wrote:
Hello out there,

We are considering blocking all port 25 traffic outbound.  We have noted
various ISPs and others moving to block port 25 outbound to reduce
"spamming".  We wish to be good "netizens".
Have any of you done this already and what has been the push back of
issues related to implementation on your campus?

Regards,

Joseph A. Lazor
Florida State University


Brother Kenneth Arnold
System Administrator
Information Technology Services
Christian Brothers University
(901) 321-4333
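
The detection described in the message above (list campus machines, other than the official mail servers, that try to reach port 25 off campus) can be sketched as follows. This is an added example, not part of the original post and not the poster's Snort rule; the log format, the campus network, the mail server address and the function name are all assumptions.

```python
import ipaddress
from collections import Counter

# Assumed values (not from the post): campus address space and official mail servers.
CAMPUS_NET = ipaddress.ip_network("10.20.0.0/16")
MAIL_SERVERS = {ipaddress.ip_address("10.20.1.25")}

# Constructed sample records: "time src_ip src_port dst_ip dst_port tcp_flags"
SAMPLE_LOG = """\
2005-08-23T11:00:01 10.20.1.25 40112 198.51.100.7 25 S
2005-08-23T11:00:02 10.20.44.9 1042 203.0.113.50 25 S
2005-08-23T11:00:02 10.20.44.9 1043 198.51.100.7 25 S
2005-08-23T11:00:03 10.20.44.9 1044 192.0.2.18 25 S
2005-08-23T11:00:04 10.20.7.31 3310 10.20.1.25 25 S
2005-08-23T11:00:05 10.20.7.31 3311 203.0.113.50 80 S
2005-08-23T11:00:06 10.20.90.2 2201 192.0.2.18 25 S
2005-08-23T11:00:06 10.20.90.2 2201 192.0.2.18 25 A
malformed line
"""

def unauthorized_smtp_senders(log_text, campus=CAMPUS_NET, mail_servers=MAIL_SERVERS):
    """Return [(source_ip, attempts)] for campus hosts, other than the mail
    servers, that opened connections to port 25 off campus; busiest first."""
    attempts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records rather than abort the run
        _, src, _, dst, dport, flags = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if dport != "25" or flags != "S":
            continue  # count only new connection attempts (SYN) to SMTP
        if src_ip not in campus or dst_ip in campus:
            continue  # only campus -> off-campus traffic is of interest
        if src_ip in mail_servers:
            continue  # official mail servers are allowed to send out
        attempts[str(src_ip)] += 1
    return sorted(attempts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for host, count in unauthorized_smtp_senders(SAMPLE_LOG):
        print(f"{host}\t{count} outbound SMTP attempts")
```

Hosts with many attempts in a short window are the ones to check first for a mass-mailing infection; a single attempt is more often a misconfigured mail client.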
