Re: Outbound SMTP

["Di Fabio, Andrea" <adifabio () NSU EDU>]

We only allow authorized mail server to make outbound SMTP connections and
block all other outbound SMTP to avoid being listed by DNSBL or other SMAPBL



Andrea Di Fabio

Information Security Officer

High Performance Computing Technology Coordinator

Norfolk State University

Office of Information Technology

Marie V. McDemmond Center for Applied Research, Rm 401F

555 Park Avenue, Suite 401

Norfolk, Virginia 23504

757-823-2896 Office

757-823-2128 Fax



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jenkins, Matthew
Sent: Friday, April 25, 2008 9:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Outbound SMTP



I am curious how many other schools block outbound SMTP, and if so from
which or all networks?



We currently still allow it; however, I see very few legit connections.
Usually once a week I find another student who has become malware infected,
and have to  shut them off until they can prove their computer is clean
(unfortunately we don't have a true NAC as budget does not allow).



The biggest problem is wireless users.  I can block MAC addresses, however
this ends up taking a lot of time from start to finish (by the time I login
to WCS, push the policy to all the controllers, document it, notify our
helpdesk team for the incoming phone call they will get, then all those
steps in reverse when the computer is cleaned).



I have been considering approaching management to just block all port 25
traffic.  My holdback is that I feel bad for anyone that has their own
domain somewhere and sends mail through it.  We do not allow students to
relay SMTP mail through our mail servers.



Thoughts?  Thanks for your input,



Matt



Matthew Jenkins
Network/Server Administrator
Fairmont State University
Visit us online at  <http://www.fairmontstate.edu/> www.fairmontstate.edu

Attachment: smime.p7s
Description: