Re: Outbound SMTP

[Dan Oachs <doachs () GAC EDU>]

We block port 25 outbound on all networks. The only computers that can 
use it are our mailservers. If anyone needs to use someone else's SMTP 
server they need to use port 587 or port 465, both of which should be 
encrypted and use authentication. I assume most ISPs have similar 
requirements. We certainly expect that when our users are out and about 
that they will probably have port 25 blocked.

--Dan Oachs
Gustavus Adolphus College


Jenkins, Matthew wrote:
> I am curious how many other schools block outbound SMTP, and if so 
> from which or all networks?
>
> We currently still allow it; however, I see very few legit 
> connections. Usually once a week I find another student who has become 
> malware infected, and have to shut them off until they can prove their 
> computer is clean (unfortunately we don’t have a true NAC as budget 
> does not allow).
>
> The biggest problem is wireless users. I can block MAC addresses, 
> however this ends up taking a lot of time from start to finish (by the 
> time I login to WCS, push the policy to all the controllers, document 
> it, notify our helpdesk team for the incoming phone call they will 
> get, then all those steps in reverse when the computer is cleaned).
>
> I have been considering approaching management to just block all port 
> 25 traffic. My holdback is that I feel bad for anyone that has their 
> own domain somewhere and sends mail through it. We do not allow 
> students to relay SMTP mail through our mail servers.
>
> Thoughts? Thanks for your input,
>
> Matt
>
> *Matthew Jenkins
> *Network/Server Administrator
> Fairmont State University
> Visit us online at www.fairmontstate.edu <http://www.fairmontstate.edu/>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature