Educause Security Discussion mailing list archives

Re: blocking port 25 at the border?
From: "Lutzen, Karl F." <kfl () UMR EDU>
Date: Thu, 23 Aug 2007 21:19:55 -0500

With the outbreak of the Bagle virus a few years ago, the only way we
could control the virus outbreak quickly was to block all outbound port
25 traffic. We already had a policy that all inbound mail had to come
through the authorized relay points, so it was easy to allow the relay
IPs and shut everything down. The policy detailing all this came after
the fact.

Every outbreak of any mail storm, virus, SPAM bots, etc. is now
prevented from reaching the Internet, unless, of course, they use our relays.
We have even set up some netflow analysis tools that will alert on
single outbreaks, and page staff if multiple hosts start sending
mail directly. No black lists for us!

Small proof that viruses can be useful!

Karl F. Lutzen, CISSP
Systems Security Analyst
UMR IT Information Systems Security
kfl () umr edu 

Effective Jan. 1, 2008, UMR will become Missouri University of Science
and Technology (Missouri S&T)

-----Original Message-----
From: Bob Bayn [mailto:Bob.Bayn () USU EDU] 
Sent: Thursday, August 23, 2007 4:08 PM
Subject: [SECURITY] blocking port 25 at the border?

Do you regulate port 25 at the border?
If so, what is your procedure for allowing an exception
(for a legit email server)?
What administrative approvals were required at your
institution before you could regulate port 25?

Bob Bayn
IT Security Team
Utah State University
Logan, UT
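
The netflow check described in the reply above (alert when a single host sends mail directly, page staff when several do), as an added example that is not part of the original messages. The campus range, relay addresses, page threshold and flow records are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions for illustration (none of these values come from the thread).
CAMPUS = ip_network("10.0.0.0/8")                            # campus address space
RELAYS = {ip_address("10.1.1.25"), ip_address("10.1.1.26")}  # authorized mail relays
PAGE_HOSTS = 3  # distinct direct senders in one window that trigger a page

# Constructed flow records for one time window: (src, dst, dst_port, proto).
SAMPLE_FLOWS = [
    ("10.1.1.25", "192.0.2.10", 25, "tcp"),     # relay to Internet: expected
    ("10.20.3.7", "198.51.100.4", 25, "tcp"),   # workstation sending directly
    ("10.20.3.7", "203.0.113.9", 25, "tcp"),    # same workstation again
    ("10.20.3.7", "10.1.1.25", 25, "tcp"),      # client to campus relay: expected
    ("10.30.8.2", "192.0.2.77", 443, "tcp"),    # not SMTP
    ("10.40.1.9", "192.0.2.10", 25, "tcp"),     # second direct sender
    ("10.50.2.2", "203.0.113.9", 25, "tcp"),    # third direct sender
]

def direct_smtp_senders(flows):
    """Count TCP/25 flows per campus host, relays excluded, to off-campus hosts."""
    counts = Counter()
    for src, dst, dport, proto in flows:
        if proto != "tcp" or dport != 25:
            continue
        s, d = ip_address(src), ip_address(dst)
        if s in CAMPUS and s not in RELAYS and d not in CAMPUS:
            counts[src] += 1
    return dict(counts)

def triage(flows):
    """Return (action, offenders): 'none', 'alert' on any sender, 'page' on many."""
    offenders = direct_smtp_senders(flows)
    if len(offenders) >= PAGE_HOSTS:
        return "page", offenders
    return ("alert" if offenders else "none"), offenders

if __name__ == "__main__":
    action, offenders = triage(SAMPLE_FLOWS)
    print(action, offenders)
```
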
