On 18 April 2024 11:22:10 UTC, user Sebastian Arcus via mailop 
<mailop@mailop.org> wrote:

>However, if keeping outbound port 587 open turns out to be causing real 
>headaches, I could take a look at revising the existing approach.

IMO, one doesn't need to block port 465 (or 587) from inside the LAN, as
it is nearly impossible without breaking real users' connections. But
consider:

+ rate-limit it -- one user will not create a lot of connections, IMO a
  good start can be 10 connections in 10-15 min
+ log over-limit connections; this will allow you to see if the limit is too
  low and/or reveal infected hosts

That will not prevent rogue connections, but it will unhide them and
thus one can do something with the infected machine (block/clean
or even trash it) relatively quickly (my router FW logs are propagated
over XMPP).

And consider including POP3(S) and IMAP(S) too.

regards


-- 
Slavko
https://www.slavino.sk/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
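The per-host rate limit and over-limit logging suggested above, as an added example that is not code from the post or from any router firewall: it simulates a sliding-window limit of 10 outbound mail-port connections per 15 minutes per LAN host over a constructed connection log, and reports which hosts would have connections dropped and logged. The log format, the sample lines, the exact limit values and the set of ports (465, 587 plus POP3(S)/IMAP(S)) are assumptions for the example; on a real router the same policy maps to a per-source rate-limit match in iptables/nftables with a log target for the overflow.

```python
"""Sliding-window per-host rate limit for outbound mail-submission connections.

Added example, not code from the mailop post or any firewall. It models the
policy the post suggests (about 10 connections per 10-15 minutes per LAN host
on 465/587, plus POP3(S)/IMAP(S)) over a constructed connection log and
reports the hosts whose over-limit connections a router firewall would log.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Ports the post suggests covering: SMTPS, submission, POP3(S), IMAP(S). (assumed set)
MAIL_PORTS = {465, 587, 110, 995, 143, 993}

# Policy values from the post: 10 connections per 15 minutes per source host (assumed).
LIMIT = 10
WINDOW = timedelta(minutes=15)


def parse_line(line):
    """Parse one constructed 'ISO-time src-ip dst-port' firewall log line."""
    ts, src, dport = line.split()
    return datetime.fromisoformat(ts), src, int(dport)


def check_limit(lines, limit=LIMIT, window=WINDOW):
    """Return {src: [timestamps of over-limit connections]}.

    Sliding window: a connection is over the limit when the host already has
    `limit` accepted mail-port connections inside the trailing `window`.
    Dropped connections do not extend the window (assumed behaviour; a
    hashlimit-style token bucket behaves similarly). Non-mail ports are ignored.
    """
    events = sorted(parse_line(l) for l in lines)  # log lines may arrive unordered
    recent = defaultdict(deque)  # src -> timestamps of accepted mail connections
    over = defaultdict(list)
    for ts, src, dport in events:
        if dport not in MAIL_PORTS:
            continue
        q = recent[src]
        while q and ts - q[0] > window:
            q.popleft()  # expire connections older than the window
        if len(q) >= limit:
            over[src].append(ts)  # would be dropped and logged by the firewall
        else:
            q.append(ts)
    return dict(over)


def summarize(over):
    """Return {src: (count, first over-limit time)} for an operator's eyes."""
    return {src: (len(stamps), min(stamps)) for src, stamps in over.items()}


# Constructed sample log: a normal workstation checking mail a few times,
# an unrelated HTTPS connection, and one host hammering port 587 every 10 s.
SAMPLE_LOG = [
    "2024-04-18T11:00:00 192.168.1.20 587",
    "2024-04-18T11:05:00 192.168.1.20 993",
    "2024-04-18T11:30:00 192.168.1.20 587",
    "2024-04-18T11:02:00 192.168.1.30 443",
]
_burst_start = datetime(2024, 4, 18, 11, 10)
SAMPLE_LOG += [
    (_burst_start + timedelta(seconds=10 * i)).isoformat(timespec="seconds")
    + " 192.168.1.30 587"
    for i in range(24)  # 24 connections in 4 minutes: 10 accepted, 14 over limit
]


if __name__ == "__main__":
    for src, (count, first) in summarize(check_limit(SAMPLE_LOG)).items():
        print(f"{src}: {count} over-limit connections, first at {first}")
```

The normal host never trips the limit, so it never appears in the output; the bursting host shows up after its tenth connection, which is the signal the post relies on to find an infected machine without blocking the port for everyone else.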
