[unisog] Port 25 blocking - on the
wm63 at cornell.edu
Fri Apr 29 20:02:07 GMT 2005
OK, is the issue blocking SMTP from certain areas of your *own* network or
a reaction to other people blocking SMTP from *theirs*?
['our cable modems' == 'the dorms', generally?]
If the former, simply requiring SMTP AUTH over TLS should keep things nice
and civilized, until the viruses/worms/badness figure out how to recover
the credentials users will inevitably cache.
If the latter, you're at the mercy of the owners of the remote network. If
they don't want to pass SMTP, they don't have to.
In my previous e-mail admin life, we (Rice) hit the first issue a few years
ago with a block as described above. The second issue always seemed to
plague traveling VIPs, always on a Friday, and was always an emergency.
--On Friday, April 29, 2005 2:39 PM -0500 Paul Russell <prussell at nd.edu>
> On 4/29/2005 10:44 AM, Paul Ryan wrote:
>> Hi - I am doing a study on blocking port 25 outbound on our cable modems
>> with the exceptions of approved mail servers. What techniques are used by
>> the colleges/universities to work around this - port 587, 465, webmail, etc.?
> We block outbound port 25 connection requests from all but a short list of
> known mail servers. Our central mail servers support authenticated SMTP
> via TLS on ports 25 and 587, authenticated SMTP via SSL on port 465,
> via HTTPS on port 443. Our users also have the option of establishing a
> connection to our network.
> Paul Russell
> Senior Systems Administrator
> OIT Messaging Services Team
> University of Notre Dame
Senior Security Engineer
Cornell University, Ithaca, NY
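
The egress policy discussed in this thread (outbound port 25 permitted only from a short list of mail servers, with clients submitting on 587 or 465) can be checked against border flow records. The following is an added example, not part of the original messages; the addresses, record format, function names and the distinct-destination heuristic are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed values (RFC 5737 documentation ranges), not taken from the thread.
CAMPUS_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
APPROVED_MAIL_SERVERS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.11")}

# Constructed border flow records: "source destination tcp_dest_port"
SAMPLE_FLOWS = """\
192.0.2.10 203.0.113.5 25
198.51.100.23 192.0.2.10 587
198.51.100.23 192.0.2.10 25
198.51.100.40 203.0.113.9 587
198.51.100.40 203.0.113.9 25
198.51.100.77 203.0.113.20 25
198.51.100.77 203.0.113.21 25
198.51.100.77 203.0.113.22 25
"""

def on_campus(addr):
    return any(addr in net for net in CAMPUS_NETS)

def verdict(src, dst, dport):
    """Apply the policy: outbound port 25 only from approved mail servers."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if on_campus(dst):
        return "internal"   # never crosses the border, so the block does not apply
    if dport != 25:
        return "allow"      # 587/465 submission, HTTPS on 443, and so on
    return "allow" if src in APPROVED_MAIL_SERVERS else "block"

def blocked_destinations(flows_text):
    """Map each blocked source to the set of remote hosts it tried on port 25."""
    hits = defaultdict(set)
    for line in flows_text.splitlines():
        if not line.strip():
            continue
        src, dst, dport = line.split()
        if verdict(src, dst, int(dport)) == "block":
            hits[src].add(dst)
    return dict(hits)

def likely_mass_mailers(flows_text, min_destinations=3):
    """Heuristic (assumption): many distinct port 25 targets points to malware,
    a single target to one misconfigured mail client."""
    blocked = blocked_destinations(flows_text)
    return sorted(s for s, d in blocked.items() if len(d) >= min_destinations)

if __name__ == "__main__":
    print(blocked_destinations(SAMPLE_FLOWS))
    print(likely_mass_mailers(SAMPLE_FLOWS))
```
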