November 2006

Here’s a quick little tip I learned…

On my corporate firewall, I have rules that block all outgoing HTTP and SMTP traffic unless it is coming from known servers. These servers run a Squid web proxy and an Exim mail relay. Blocking these ports for all workstations ensures all traffic must go through a server, first. Why?

  • Blocking the HTTP port ensures that everybody is using the web cache. This ensures the best performance for the user and the company as a whole.
  • Blocking the SMTP port protects against the spread of mail worms. No, it doesn’t protect us — it protects others against us in the case somebody in the company becomes infected. Three times over the past few years this has prevented the spread of a worm that somebody inadvertently brought inside the corporate LAN. Since the worms all tried to use their own internal SMTP engines instead of relaying through the server, none could make any outgoing connections to the Internet.

Just some thoughts. Comments welcome! Also, check out this article on spam and responsible behavior.