Educause Security Discussion
mailing list archives
Re: blocking port 25 at the border?
From: "Lutzen, Karl F." <kfl () UMR EDU>
Date: Thu, 23 Aug 2007 21:19:55 -0500
With the outbreak of the Bagle virus a few years ago, the only way we
could control the virus outbreak quickly was to block all outbound port
25 traffic. We already had a policy that all inbound mail had to come
through the authorized relay points, so it was easy to allow the relay
IPs and shut everything down. The policy detailing all this came after
Every outbreak of any mail storm, virus, SPAM bots, etc. is now
prevented from reaching the Internet, unless, of course, they use our relays.
We have even set up some netflow analysis tools that will alert on
single outbreaks, and page staff if multiple hosts start sending
mail directly. No black lists for us!
Small proof that viruses can be useful!
Karl F. Lutzen, CISSP
Systems Security Analyst
UMR IT Information Systems Security
kfl () umr edu
Effective Jan. 1, 2008, UMR will become Missouri University of Science
and Technology (Missouri S&T)
From: Bob Bayn [mailto:Bob.Bayn () USU EDU]
Sent: Thursday, August 23, 2007 4:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] blocking port 25 at the border?
Do you regulate port 25 at the border?
If so, what is your procedure for allowing an exception
(for a legit email server)?
What administrative approvals were required at your
institution before you could regulate port 25?
IT Security Team
Utah State University
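
Added example, not part of the original thread and not UMR's tooling: a minimal sketch of the kind of flow-record check the reply describes, which alerts when one non-relay host sends to TCP/25 off campus and pages when several do so in the same window. The CSV layout, the address ranges, the relay list, the 300-second window and the three-host paging threshold are all assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# All values below are constructed for illustration (documentation address ranges).
CAMPUS_NET = ipaddress.ip_network("192.0.2.0/24")
AUTHORIZED_RELAYS = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.11")}
WINDOW_SECONDS = 300      # assumed correlation window
PAGE_HOST_THRESHOLD = 3   # assumed: page staff when this many hosts send directly

SAMPLE_FLOWS = """\
epoch,src,dst,proto,dport
1000,192.0.2.10,198.51.100.25,tcp,25
1010,192.0.2.57,198.51.100.25,tcp,25
1020,192.0.2.57,203.0.113.8,tcp,25
1030,192.0.2.80,203.0.113.8,tcp,443
1100,192.0.2.91,203.0.113.9,tcp,25
1150,192.0.2.120,198.51.100.40,tcp,25
2000,192.0.2.57,198.51.100.25,tcp,25
"""

def direct_smtp_senders(flow_csv):
    """Return {window_start: set(src)} for campus hosts that are not relays
    and opened TCP/25 connections to off-campus destinations."""
    windows = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if row["proto"].lower() != "tcp" or int(row["dport"]) != 25:
            continue  # only SMTP over TCP is of interest
        if src not in CAMPUS_NET or dst in CAMPUS_NET or src in AUTHORIZED_RELAYS:
            continue  # skip inbound, internal, and authorized relay traffic
        start = int(row["epoch"]) // WINDOW_SECONDS * WINDOW_SECONDS
        windows[start].add(str(src))
    return dict(windows)

def classify(windows):
    """Map each window start to ('page' or 'alert', sorted list of hosts)."""
    return {
        start: ("page" if len(hosts) >= PAGE_HOST_THRESHOLD else "alert", sorted(hosts))
        for start, hosts in sorted(windows.items())
    }

if __name__ == "__main__":
    for start, (level, hosts) in classify(direct_smtp_senders(SAMPLE_FLOWS)).items():
        print(f"window {start}: {level.upper()} direct SMTP from {', '.join(hosts)}")
```

With the border block in place these flows would be dropped at the edge, so the same check run on denied-flow records shows which hosts are attempting to send.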