Re: Outbound SMTP

[Kenneth Arnold <bkarnold () CBU EDU>]

Christian Brothers University blocks all SMTP traffic both outbound and
inbound except traffic coming from or going to the official mail servers
for the school at the firewall.  We do allow students to relay SMTP mail
through our mail servers however.
Br. Kenneth Arnold



Jenkins, Matthew wrote:
> I am curious how many other schools block outbound SMTP, and if so
> from which or all networks?
>
>
>
> We currently still allow it; however, I see very few legit
> connections.  Usually once a week I find another student who has
> become malware infected, and have to  shut them off until they can
> prove their computer is clean (unfortunately we don't have a true NAC
> as budget does not allow).
>
>
>
> The biggest problem is wireless users.  I can block MAC addresses,
> however this ends up taking a lot of time from start to finish (by the
> time I login to WCS, push the policy to all the controllers, document
> it, notify our helpdesk team for the incoming phone call they will
> get, then all those steps in reverse when the computer is cleaned).
>
>
>
> I have been considering approaching management to just block all port
> 25 traffic.  My holdback is that I feel bad for anyone that has their
> own domain somewhere and sends mail through it.  We do not allow
> students to relay SMTP mail through our mail servers.
>
>
>
> Thoughts?  Thanks for your input,
>
>
>
> Matt
>
>
>
> *Matthew Jenkins
> *Network/Server Administrator
> Fairmont State University
> Visit us online at www.fairmontstate.edu <http://www.fairmontstate.edu/>

--

Brother Kenneth Arnold
Director of Network Systems
Christian Brothers University
(901) 321-4333