[CentOS] How to handel smtp to public servers

Wed Jun 27 14:08:37 UTC 2012
Tilman Schmidt <t.schmidt at phoenixsoftware.de>

Am 27.06.2012 11:15, schrieb Götz Reinicke:
> Am 27.06.12 10:29, schrieb Fajar Priyanto:

>> 1. Many malware have their own smtp and can send spam directly.
>> To overcome this, block port tcp 25 on your gateway, and only allow
>> your mailserver.

> Hi, thanks for your suggestion. But for the mentioned clients thats not
> possible. :/ [...]
> We do have about 100th of freelancers 'flying in and out' of our academy
> which we cant 'restrict' by forcing tham to change there clients settings.

Nobody *needs* port 25 from their client to a public server.
Port 25 is intended for forwarding mail from one server to the
next, not for submitting mail from a client to its server.
The standard port for sending mail from a client is 587, the
mail submission port. Using port 25 for that is arguably a
configuration error which should be corrected.

What's more, blocking outbound port 25 is generally recommended
practice and standard for many ISPs, so your freelancers will
often face the same restriction on their home LAN, Internet
cafe or wherever else they may want to write e-mails, adding
to their motivation to fix their configuration instead of
arguing with you.


Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany