[Mimedefang] OT: Blocking Port 25
John Rudd
john at rudd.cc
Tue Jan 30 13:57:36 EST 2007
Kenneth Porter wrote:
> On Tuesday, January 30, 2007 11:39 AM -0500 "David F. Skoll"
> <dfs at roaringpenguin.com> wrote:
>
>> Actually, I think blocking port 25 by default is an excellent idea
>> providing you unblock it if people ask for that. Since the vast
>> majority of computer users never bother to change defaults, blocking port
>> 25 by default will remove a huge number of potential botnet spammers.
>
> One might even block all inbound and outbound ports below 1024 except
> the obvious consumer ones like web and POP3 and provide a simple web
> interface to unblock them. That would also block SMB-based attacks.
For defaults, don't forget IMAP, outbound ssh, outbound passive ftp, and
the other simple ones.

But, yeah... agree in principle. Block all but the REALLY
common/basics, provide a web interface (accessible only from client
networks, not from the outside world) for unblocking.
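The policy discussed in this thread, modelled as an added example that is not part of the original message or of MIMEDefang. The concrete port numbers, the 198.51.100.0/24 client network and the `PortPolicy` class are assumptions made for illustration.

```python
import ipaddress

PRIVILEGED_MAX = 1023  # the proposal only covers ports below 1024

# Assumption: port numbers for the "common/basic" services named in the thread.
# Passive FTP needs only the control port here, because its data connections
# go out to high ports, which this policy never blocks.
DEFAULT_OUT = {21: "ftp control", 22: "ssh", 53: "dns", 80: "http",
               110: "pop3", 143: "imap", 443: "https"}

# Constructed client range (TEST-NET-2), standing in for the ISP's customers.
CLIENT_NETS = [ipaddress.ip_network("198.51.100.0/24")]


class PortPolicy:
    """Default-deny below 1024, with per-customer unblocks made via a portal."""

    def __init__(self):
        self.unblocked = {}  # customer address -> {(direction, port), ...}

    def request_unblock(self, source_ip, direction, port):
        """Portal handler: honoured only when the request comes from a client
        network, and it only ever changes the requester's own line."""
        addr = ipaddress.ip_address(source_ip)
        if not any(addr in net for net in CLIENT_NETS):
            return False  # portal is not reachable from the outside world
        if direction not in ("in", "out") or not 1 <= port <= PRIVILEGED_MAX:
            return False
        self.unblocked.setdefault(addr, set()).add((direction, port))
        return True

    def allowed(self, customer_ip, direction, dst_port):
        """Decide one flow for one customer by direction and destination port."""
        if dst_port > PRIVILEGED_MAX:
            return True
        if direction == "out" and dst_port in DEFAULT_OUT:
            return True
        addr = ipaddress.ip_address(customer_ip)
        return (direction, dst_port) in self.unblocked.get(addr, set())
```
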