[unisog] Port 25 blocking - on the

Frank Sweetser fs at WPI.EDU
Fri Apr 29 18:33:12 GMT 2005


On Fri, Apr 29, 2005 at 11:44:50AM -0400, Paul Ryan wrote:
> Hi - I am doing a study on blocking port 25 outbound on our cable modems
> with the exceptions of approved mail servers. What techniques are used by
> the colleges/universities to workaround this - port 587,465,webmail etc ?

We block all outgoing 25 here, primarily to deal with zombie machines blasting
out spam.  Our recommended solution for machines to send mail out is to require
them to use the approved campus mail server, which (along with a virus scanner)
has some custom heuristics on it that trigger mail blocks for any machines that
go over certain limits.

submission and smtps ports haven't given us any problems, so we haven't blocked
them yet.

-- 
Frank Sweetser fs at wpi.edu  | For every problem, there is a solution that
WPI Network Engineer          | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC


More information about the unisog mailing list