Re: blocking port 25 at the border?

[Dave Koontz <dkoontz () MBC EDU>]

Ditto for us, just not for quite as long.  No unauthorized server nor PC
can send email directly. Perhaps just an advantage of a smaller college
where we can set policy for the entire campus.  A comedy of events made
this fairly easy to explain to our campus members, first our Admissions
mailer got blacklisted on several sites, next a fake email pretending to
be one of our administrators was sent out.  During the cleanup, we were
then able to easily sell the concept of secure SMTP AUTH for normal
campus email, and requiring proper registration of any other mailer.
The advent of SPF, DK, DKIM, etc. helped even more as we then were in a
position of having to authorize our senders via DNS (no we don't approve
our entire IP space).

Gary, in terms of anti-spam and Storm Worm, we use a combination of Spam
Assassin and ClamAV.  I believe most products like Baracuda and
Mirapoint use those as their underlying aniti-spam technology.  ClamAV
is great at catching 'phishing' scams, but with the inclusion of Sane
Security's rules, it will catch most of the storm worm, greeting card
junk.  See:

http://sanesecurity.co.uk/
and
http://sanesecurity.blogspot.com/

Let me know if you have any questions!

Dave Koontz
Associate Director CIS
Mary Baldwin College
Staunton, VA

Gary Flynn wrote:
> Bob,
>
> We're set up much like Mark described below and have been for a
> similar amount of time.
>
> There is no set policy or procedure for exceptions but there
> has been only one request for the past several years so it
> hasn't been an issue.
>
> I can't recall what we went through to implement the change. We did
> not have very many independent email servers at the time so that
> helped a lot. We grandfathered the ones we could identify through
> the policy change and they've slowly come into the fold over time.
> The change may also have coincided with the introduction of a new
> mail system which might have helped client migration.
>
>
> P.S. Regarding the Storm worm SPAM follow up question I introduced.
> I apologize for changing the subject of the thread without actually
> changing  the subject line. I try not to do that.
>
> Mark Borrie wrote:
> > We have managed port 25 at the border for about 8 years. Only central
> > mailhubs are visible from outside. No local systems can send out on 25.
> >
> > All mail domains are centrally registered and MXed to the incoming
> > hubs, which then route mail onto the mail servers.  Registered
> > services smart relay outgoing mail to the outwards hub service. Local
> > clients must use an on campus smtp host.
> >
> > We initially set this up to stop open relays and other problems with
> > unpatched sendmail servers. Now virus and spam management are the
> > prime drivers. Interestingly, we are not seeing any impact from the
> > Storm worm. Our spam system must be catching the majority of the
> > incoming and we are not seeing locally infected systems (they could
> > be there but they cant send out and are probably trying to send
> > directly anyway).
> >
> > Mark
> >
> > Bob Bayn wrote:
> > > Do you regulate port 25 at the border?
> > > If so, what is your procedure for allowing an exception
> > > (for a legit email server)?
> > > What administrative approvals were required at your
> > > institution before you could regulate port 25?
> > >
> > > Bob Bayn
> > > IT Security Team
> > > Utah State University
> > > Logan, UT