Educause Security Discussion mailing list archives
Re: blocking port 25 at the border?
From: Randy Marchany <marchany () CANDI2 CIRT VT EDU>
Date: Thu, 23 Aug 2007 17:50:38 -0400
> Do you regulate port 25 at the border? If so, what is your procedure for
> allowing an exception (for a legit email server)?
> What administrative approvals were required at your institution before you
> could regulate port 25?

We don't regulate port 25 at the border. We've been scanning email sent to the central email servers for virus/trojan horses/spam since 2001. We've intercepted ~47 million inbound emails since then. Clearly, this is a worthwhile

The security risk is an improperly configured email server and NOT the fact that the email server exists. A lot of institutions throw up their hands trying to "secure" campus email servers and pick the easy way out which is "write a policy that restricts email servers". There are a thousand reasons to allow email servers on campus. There is only 1 to restrict them - insecure systems allowing email services to be abused (relays, spam, etc.). This single reason shouldn't be used except for repeated offenses. Scanning for vulnerable email servers, providing guidelines/checklists for proper configuration of email servers, user and sysadmin awareness programs as a package provide adequate controls to the misconfigured email server threat.

Why not restrict email servers? In times of crisis (we had one recently) or cyber/virus attacks, central services can get overwhelmed. You might wind up opening up email services to everyone on campus and discover that the world didn't end :-). Workstation based email servers provide an out-of-band communication channel. They may or may not be the official "registered" email servers and in crisis mode, forcing mgt of email servers is time wasted. When MyDoom hit us in 2004, it took 60 hours to clear the central email servers. The responders used out-of-band email services to communicate with each other.

Just my .02.

-Randy Marchany
VA Tech IT Security Lab
VA Tech
Blacksburg, VA 24060
540-231-9523
marchany () vt edu
http://security.vt.edu