Kenneth Porter wrote:
On Tuesday, January 30, 2007 11:39 AM -0500 "David F. Skoll"
<[EMAIL PROTECTED]> wrote:
Actually, I think blocking port 25 by default is an excellent idea
providing you unblock it if people ask for that. Since the vast
majority of computer users never bother to change defaults, blocking port
25 by default will remove a huge number of potential botnet spammers.
One might even block all inbound and outbound ports below 1024 except
the obvious consumer ones like web and POP3 and provide a simple web
interface to unblock them. That would also block SMB-based attacks.
For defaults, don't forget IMAP, outbound ssh, outbound passive ftp, and
the other simple ones.
But, yeah... agree in principle. Block all but the REALLY
common/basics, provide a web interface (accessible only from client
networks, not from the outside world) for unblocking.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
