Educause Security Discussion mailing list archives
Re: Outbound SMTP
From: Morrow Long <morrow.long () YALE EDU>
Date: Fri, 25 Apr 2008 09:30:54 -0400
We block all SMTP traffic inbound and outbound.We did this a few years ago. We put in exceptions for all known legit mail servers on campus and created a website to request outbound and/or inbound SMTP exceptions by registering an email server.
Primarily we recommend that any group which needs to run their own email server work with ITS to set up MX records to relay inbound email through our mail relays and send outbound email through them as well.
TCP ports 465 and 587 are not blocked. Morrow H. Morrow Long University Information Security Officer Director - Information Security Office On Apr 25, 2008, at 9:13 AM, Jenkins, Matthew wrote:
I am curious how many other schools block outbound SMTP, and if so from which or all networks?We currently still allow it; however, I see very few legit connections. Usually once a week I find another student who has become malware infected, and have to shut them off until they can prove their computer is clean (unfortunately we don’t have a true NAC as budget does not allow).The biggest problem is wireless users. I can block MAC addresses, however this ends up taking a lot of time from start to finish (by the time I login to WCS, push the policy to all the controllers, document it, notify our helpdesk team for the incoming phone call they will get, then all those steps in reverse when the computer is cleaned).I have been considering approaching management to just block all port 25 traffic. My holdback is that I feel bad for anyone that has their own domain somewhere and sends mail through it. We do not allow students to relay SMTP mail through our mail servers.Thoughts? Thanks for your input, Matt Matthew Jenkins Network/Server Administrator Fairmont State University Visit us online at www.fairmontstate.edu
Attachment:
smime.p7s
Description:
Current thread:
- Outbound SMTP Jenkins, Matthew (Apr 25)
- <Possible follow-ups>
- Re: Outbound SMTP Di Fabio, Andrea (Apr 25)
- Re: Outbound SMTP Babb, Robert (Apr 25)
- Re: Outbound SMTP Dan Oachs (Apr 25)
- Re: Outbound SMTP Morrow Long (Apr 25)
- Re: Outbound SMTP Tim Cantin (Apr 25)
- Re: Outbound SMTP Kenneth Arnold (Apr 25)
- Re: Outbound SMTP Halliday,Paul (Apr 25)
- Re: Outbound SMTP Gary Flynn (Apr 25)
- Re: Outbound SMTP Childs, Aaron (Apr 25)
- Re: Outbound SMTP Kreider, Randall G (Apr 25)
- Re: Outbound SMTP Barros, Jacob (Apr 25)
- Re: Outbound SMTP Kreider, Randall G (Apr 25)
- Re: Outbound SMTP Kreider, Randall G (Apr 25)
- Re: Outbound SMTP Jeff Kell (Apr 25)
(Thread continues...)