Educause Security Discussion mailing list archives

Re: Outbound SMTP


From: Tim Cantin <tcantin () WELLESLEY EDU>
Date: Mon, 28 Apr 2008 10:12:54 -0400

Joe St Sauver [joe () oregon uoregon edu] wrote:

1) Even if you block port 25 traffic, the host is still infested
...
5) Blocking port 25 (only) is a point solution to a more general problem

All excellent points, Joe! But I don't think anyone specifically said that
was ALL they were doing; I certainly didn't. :) I agree that there must be
other systems in place for checking desktops and identifying nastiness on
your networks.

Fwiw, port 25 is the only outbound traffic we block. This "cough syrup"
helps to limit the symptoms while the cause is properly identified and
addressed. When administered correctly it controls the effects of the
problem so as to not annoy others as much. Blocking port 25 in our situation
seemed like the polite thing to do for the rest of the Internet, which was
occasionally getting flooded with spam from infected hosts within our
network. Hosts still get infected here, sure, though not nearly as often now
that we have a NAC setup which is enforcing the mandatory use of anti-virus
software and Windows updates.

-Tim

---
Tim Cantin, Senior Network Engineer
Wellesley College, IS/Technology Infrastructure Group
223 Simpson Hall East, 106 Central Street
Wellesley, Massachusetts 02481-8203
http://www.wellesley.edu/~tcantin/
phone: (781)283-3520 fax: (781)283-3682
