[unisog] sendmail vulnerability / impact
Gerald N Flynn
flynngn at jmu.edu
Fri Mar 7 17:40:25 GMT 2003
Robin Anderson wrote:
> So here goes:
> 1) Has anyone else summarily blocked port 25 traffic (in or out) for
> their ResNet?
We did this for the entire campus, not just RESNET, a year ago.
There are about ten exceptions for departmental mail servers.
> b) If you HAVE blocked port 25, do you have any data to support it as a
> good decision? (I know it's hard to prove a negative and that "we
> haven't been hacked, so it must be working" is sometimes the best we
> can offer.) Any complaints?
A few complaints at first. I'd reword the first question as:
"If you HAVE blocked port 25, do you have any data to support
it as a bad decision? "
In that case, I'd say "no". ;)
Security Engineer - Technical Services
James Madison University
More information about the unisog