[Mimedefang] Security note: Open port 25 on internal mail servers

Lucas Albers admin at cs.montana.edu
Wed Feb 4 18:08:42 EST 2004


David F. Skoll said:
> 3) Even if you don't have MX or A records pointing to internal mail
> servers, you should firewall off port 25 on internal mail servers from
> the outside world.  We've seen instances of the MyDoom virus bypassing
> the MIMEDefang machine by port-scanning for something listening on
> port 25.
>
> The basic guiding principle: Do not permit any path for Internet
> e-mail to bypass your MIMEDefang machine.
I would like to firewall off access to an internal mail server, but my
clients from off campus use it to send mail...
This would work:
Allow authenticated and local users to send mail through it, but refuse all
other mail through it. Configure it so external mailers will re-attempt
delivery through external MX mailers...
If I generate a 451 code to external MTAs,
they should try the secondary MX, correct?

-- 
Luke Computer Science System Administrator
Security Administrator, College of Engineering
Montana State University-Bozeman, Montana
