[unisog] Port 25 blocking - on the

Wyman Miles wm63 at cornell.edu
Fri Apr 29 20:02:07 GMT 2005

OK, is the issue blocking SMTP from certain areas of your *own* network or 
a reaction to other people blocking SMTP from *theirs*?

['our cable modems' == 'the dorms', generally?]

If the former, simply requiring SMTP AUTH over TLS should keep things nice 
and civilized, until the viruses/worms/badness figure out how to recover 
the credentials users will inevitably cache.

If the latter, you're at the mercy of the owners of the remote network.  If 
they don't want to pass SMTP, they don't have to.

In my previous e-mail admin life, we (Rice) hit the first issue a few years 
ago with a block as described above.  The second issue always seemed to 
plague traveling VIPs, always on a Friday, and was always an emergency.


--On Friday, April 29, 2005 2:39 PM -0500 Paul Russell <prussell at nd.edu> wrote:

> On 4/29/2005 10:44 AM, Paul Ryan wrote:
>> Hi - I am doing a study on blocking port 25 outbound on our cable modems
>> with the exceptions of approved mail servers. What techniques are used by
>> the colleges/universities to work around this - port 587, 465, webmail, etc.?
> We block outbound port 25 connection requests from all but a short list of
> known mail servers. Our central mail servers support authenticated SMTP
> via TLS on ports 25 and 587, authenticated SMTP via SSL on port 465, and
> webmail via HTTPS on port 443. Our users also have the option of
> establishing a connection to our network.
> --
> Paul Russell
> Senior Systems Administrator
> OIT Messaging Services Team
> University of Notre Dame

Wyman Miles
Senior Security Engineer
Cornell University, Ithaca, NY
(607) 255-8421
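
Added example, not part of the original thread: the egress rule Paul Russell describes (outbound port 25 refused for everything except a short list of mail servers), applied to constructed flow records, with blocked sources triaged by how many distinct destinations they tried. The campus range, server addresses, fan-out threshold and triage labels are all assumptions for illustration.

```python
"""Port 25 egress policy from the thread, applied to constructed flow records."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values using documentation address ranges (not from the thread).
CAMPUS = ip_network("192.0.2.0/24")
APPROVED_MTAS = {ip_address("192.0.2.10"), ip_address("192.0.2.11")}

def decide(src, dst, dport):
    """Return 'allow' or 'block' for one TCP connection request."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    if src_ip not in CAMPUS or dst_ip in CAMPUS:
        return "allow"  # the rule only covers campus -> off-campus traffic
    if dport == 25 and src_ip not in APPROVED_MTAS:
        return "block"  # direct-to-MX SMTP from a non-mail-server host
    return "allow"      # 587/465 submission and 443 webmail pass untouched

def triage(flows, fanout_threshold=3):
    """Group blocked attempts by source host.

    Assumed heuristic: one blocked destination looks like a mail client still
    configured for an off-campus server on port 25; many distinct destinations
    looks like mass-mailing malware.
    """
    dests = defaultdict(set)
    for src, dst, dport in flows:
        if decide(src, dst, dport) == "block":
            dests[src].add(dst)
    return {
        src: "investigate" if len(seen) >= fanout_threshold else "notify-user"
        for src, seen in dests.items()
    }

# Constructed sample flows: (source, destination, destination port).
FLOWS = [
    ("192.0.2.10", "198.51.100.5", 25),   # approved mail server relaying out
    ("192.0.2.77", "192.0.2.10", 25),     # client -> campus mail server
    ("192.0.2.77", "198.51.100.9", 587),  # client -> off-campus submission
    ("192.0.2.80", "198.51.100.5", 25),   # client using off-campus SMTP on 25
    ("192.0.2.91", "198.51.100.5", 25),   # one host, three destinations
    ("192.0.2.91", "203.0.113.20", 25),
    ("192.0.2.91", "203.0.113.21", 25),
]

if __name__ == "__main__":
    for host, action in sorted(triage(FLOWS).items()):
        print(host, action)
```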

