Educause Security Discussion mailing list archives
Re: Outbound SMTP
From: Michael Sinatra <michael () RANCID BERKELEY EDU>
Date: Fri, 25 Apr 2008 10:59:10 -0700
Jenkins, Matthew wrote:
Randall, you are having a bad day!Well, I have not received a single response saying “we allow outbound smtp.” I appreciate the feedback from everyone.
We allow outbound SMTP.We do not believe in blocking ports wholesale at the border unless absolutely necessary and we set a high bar for what constitutes "absolutely necessary." Instead, we enforce minimum standards for the security of hosts to prevent them from being compromised in the first place, we automate the process of blocking hosts and/or users on our wired, wireless, VPN, and even dial-up networks (including documentation of what's blocked and why), and we carefully monitor network traffic (not contents) for anomalies. We are able to react quickly when hosts become compromised, but the problem of SPAMbots is still a small one for us.
I don't think that blocking ports at the border benefits too many people other than security officers. It clearly imposes costs on campus researchers. UC Berkeley is where sendmail, the first SMTP MTA (and still the most popular) was developed. The security record of that software speaks to the era in which it was developed (yet the track record of its developers in fixing those problems is quite admirable). Nevertheless I can't help but imagine what new software and new innovations are being developed on our campuses that we are stifling because of well-intentioned security policies.
Joe may have disclaimed that his opinions are his own, but I hear them echoed over and over again, not just by Deke, but by our own researchers. I'd rather work with them than against them.
michael
Current thread:
- Re: Outbound SMTP, (continued)
- Re: Outbound SMTP Basgen, Brian (Apr 25)
- Re: Outbound SMTP Michael Van Norman (Apr 25)
- Re: Outbound SMTP Stephen John Smoogen (Apr 25)
- Re: Outbound SMTP Deke Kassabian (Apr 25)
- Re: Outbound SMTP David Lundy (Apr 25)
- Re: Outbound SMTP Jenkins, Matthew (Apr 25)
- Re: Outbound SMTP Roger Safian (Apr 25)
- Re: Outbound SMTP ken lindahl (Apr 25)
- Re: Outbound SMTP Don Nightingale (Apr 25)
- Re: Outbound SMTP Michael Van Norman (Apr 25)
- Re: Outbound SMTP Michael Sinatra (Apr 25)
- Re: Outbound SMTP Joel Rosenblatt (Apr 25)
- Re: Outbound SMTP Basgen, Brian (Apr 25)
- Re: Outbound SMTP Jason S. Cash (Apr 25)
- Re: Outbound SMTP Michael Sinatra (Apr 25)
- Re: Outbound SMTP Michael Sinatra (Apr 25)
- Re: Outbound SMTP Joe St Sauver (Apr 25)
- Re: Outbound SMTP Scholz, Greg (Apr 25)
- Re: Outbound SMTP Halliday,Paul (Apr 25)
- Re: Outbound SMTP John Kristoff (Apr 28)
- Re: Outbound SMTP Tim Cantin (Apr 28)
(Thread continues...)