Re: Outbound SMTP

[Joey Rego <jrego () LYNN EDU>]

We Deny it.  Only allow SMTP for out Mail servers to send and receive. 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jenkins, Matthew
Sent: Friday, April 25, 2008 11:39 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Outbound SMTP

 

We are currently rate limiting SMTP traffic way down (as low as the
Packeteer would allow) for non-servers.  We found this helped, but has
definitely has not stopped the issue.  Mobile users were definitely a
thought in my mind.  I use IPAudit to log connections over time and
going back I can't see where there have been but a handful of what
appear to be legit connections.  However, I suppose that depends on the
number of users in the institution.

 

Matt

 

Matthew Jenkins
Network/Server Administrator
Fairmont State University
Visit us online at www.fairmontstate.edu <http://www.fairmontstate.edu/>


 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jeff Kell
Sent: Friday, April 25, 2008 11:12 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Outbound SMTP

 

Kreider, Randall G wrote: 

Blocking SMTP outbound would break anyone that has their machine
configured to route mail through an external SMTP server.  The response
that talks about relaying is not saying anything glamorous about
capturing and rerouting traffic.  They were simply saying that they
allow students to directly submit SMTP mail to their servers and then
relay it out for them.  We already do that.  Our recommended
configuration for POP or IMAP is to use smtp.etown.edu as the designated
SMTP server.


We rate limit SMTP outbound from anything other than our official
gateways.  This seems like a working compromise after having numerous
complaints from laptop users that had their agents setup to use their
"home" services.

We don't limit mail submission (587) or secure SMTP (465).

Jeff