[Mimedefang] OT: Blocking Port 25

John Rudd john at rudd.cc
Tue Jan 30 13:57:36 EST 2007


Kenneth Porter wrote:
> On Tuesday, January 30, 2007 11:39 AM -0500 "David F. Skoll" 
> <dfs at roaringpenguin.com> wrote:
> 
>> Actually, I think blocking port 25 by default is an excellent idea
>> providing you unblock it if people ask for that.  Since the vast
>> majority of computer users never bother to change defaults, blocking port
>> 25 by default will remove a huge number of potential botnet spammers.
> 
> One might even block all inbound and outbound ports below 1024 except 
> the obvious consumer ones like web and POP3 and provide a simple web 
> interface to unblock them. That would also block SMB-based attacks.

For defaults, don't forget IMAP, outbound ssh, outbound passive ftp, and 
the other simple ones.

But, yeah... agree in principle.  Block all but the REALLY 
common/basics, provide a web interface (accessible only from client 
networks, not from the outside world) for unblocking.
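
The default-deny policy with self-service unblocking discussed in this thread, modelled as an added Python example (not part of the original post and not MIMEDefang code). The client network range, counting port 443 as "web", and keeping inbound low ports closed until a subscriber asks are assumptions.

```python
import ipaddress

# Constructed values (assumptions, not from the thread).
CLIENT_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]
# Outbound services the thread names as defaults: FTP control, ssh, web,
# POP3, IMAP. Treating 443 as part of "web" is an assumption.
DEFAULT_OPEN_OUTBOUND = {21, 22, 80, 110, 143, 443}


def is_client(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CLIENT_NETWORKS)


class SubscriberFirewall:
    def __init__(self):
        self.unblocked = {}  # subscriber address -> low ports opened on request

    def request_unblock(self, requester, port):
        """Unblock handler: honoured only from client networks, and only
        for the requester's own address."""
        if not is_client(requester) or not 0 < port < 1024:
            return False
        key = ipaddress.ip_address(requester)
        self.unblocked.setdefault(key, set()).add(port)
        return True

    def allows(self, src, dst, dport):
        """Decide a new TCP/UDP flow by its destination port."""
        if dport >= 1024:
            return True  # policy covers only ports below 1024 (passive FTP data lands here)
        if is_client(src):  # outbound from a subscriber
            if dport in DEFAULT_OPEN_OUTBOUND:
                return True
            subscriber = src
        elif is_client(dst):  # inbound to a subscriber: closed by default
            subscriber = dst
        else:
            return False
        key = ipaddress.ip_address(subscriber)
        return dport in self.unblocked.get(key, set())
```

Because the unblock table is keyed on the requesting address, one subscriber opening port 25 does not open it for any other subscriber.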



