Re: Source address validation (was Re: UUNet Offer New Protection
From: Paul Vixie <vixie@vix.com>
Date: 08 Mar 2004 06:35:16 +0000
ken@kdmd.net (Ken Diliberto) writes:
[...snip...]
We're now blocking all SMTP traffic leaving the campus from non-blessed sources (read mail servers). The first day doing this we had comments about less junk mail traffic. We block traffic we consider harmful that shouldn't leave the campus. We're trying to do our part.
Any suggestions how we can do better?
yes. contact the nanog program committee so you can come to san francisco and tell the rest of us how you did it -- both in the ones and zeros, and in the dollars and cents.
Paul:

This is MY take and not Ken's...

Firewall: block port 25 from all internal hosts except those 'recognized' as mail servers. For a user or department to get a mail server set up and 'recognized', they probably have to go through some sort of "qualification" and scanning process to ensure that the mail host is configured correctly...

Going to San Francisco is still a good idea though.

Regards,
Gregory Hicks
-- Paul Vixie
---------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
Cadence Design Systems | Direct: 408.576.3609
555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3479
San Jose, CA 95134 | Internet: ghicks@cadence.com

I am perfectly capable of learning from my mistakes. I will surely learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton
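
Added example, not part of the original thread or anyone's actual configuration: a sketch of the egress rule described above (port 25 leaving the campus is allowed only from recognized mail servers), evaluated over constructed flow records to list the hosts that hit the block. The network ranges, the allowlist and the flow tuples are all assumptions using documentation address space.

```python
import ipaddress
from collections import Counter

SMTP_PORT = 25
# Assumed campus address space and "recognized" mail servers (constructed values).
CAMPUS_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
RECOGNIZED_MAIL_SERVERS = [ipaddress.ip_network(n) for n in ("192.0.2.25/32", "192.0.2.64/30")]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def egress_verdict(src, dst, dport):
    """Return 'permit' or 'deny' for one TCP flow sourced from an internal host."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport != SMTP_PORT:
        return "permit"          # this rule only covers SMTP
    if _in_any(d, CAMPUS_NETS):
        return "permit"          # client-to-campus-relay mail never leaves the campus
    return "permit" if _in_any(s, RECOGNIZED_MAIL_SERVERS) else "deny"

def denied_sources(flows):
    """Count denied outbound SMTP attempts per internal source address."""
    hits = Counter()
    for src, dst, dport in flows:
        if egress_verdict(src, dst, dport) == "deny":
            hits[src] += 1
    return hits.most_common()

# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("192.0.2.25",    "203.0.113.10", 25),   # recognized server, direct to outside
    ("192.0.2.66",    "203.0.113.10", 25),   # inside the recognized /30
    ("198.51.100.17", "203.0.113.10", 25),   # desktop sending mail directly
    ("198.51.100.17", "203.0.113.99", 25),   # same desktop, second attempt
    ("198.51.100.40", "192.0.2.25",   25),   # desktop handing mail to campus relay
    ("198.51.100.40", "203.0.113.10", 443),  # non-SMTP traffic
    ("192.0.2.200",   "203.0.113.10", 25),   # unregistered departmental server
]

if __name__ == "__main__":
    for host, count in denied_sources(SAMPLE_FLOWS):
        print(f"{host}: {count} blocked outbound SMTP attempt(s)")
```

The per-host counts give the list of machines to follow up on, either to put through the "qualification" step or to investigate.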