[Asrg] Re: Asrg Digest, DNSBL BCP v.2.0
Matt Sergeant
msergeant at messagelabs.com
Sun Mar 4 15:17:55 EST 2007
On 4-Mar-07, at 2:18 PM, <gep2 at terabites.com> <gep2 at terabites.com>
wrote:
>> Simple question... *WHY WAS THE ROUTER/GATEWAY NOT BLOCKING PORT
>> 25 TO/FROM ALL MACHINES EXCEPT AUTHORIZED INTERNAL MTAS* ??? If your
>> client had taken that one simple step, none of this would've happened.
>
> Several issues there.
>
> First, they have at least three or four internal machines (out of
> only about 15) running mail servers. (These servers were basically
> used as a speed buffer/queue for outgoing mail only).
Jeez - how much email does this 15 person company send??? A
reasonable mail server can handle a million mails an hour - just how
much "speed" do they need?
> Third, the primary machine involved with their infection was in
> fact one of the machines running not just a mail server, but a
> critical app which does legitimately send E-mails as a key part of
> its job.
So let's get this straight - the mail server was being used as a
desktop machine? I see no other way it could have been infected with
a spam trojan than someone happened to be using it as a desktop.
I'm sorry this happened to the company you administer, but clearly it
has taught you some really important lessons about corporate network
security that you can apply to future contracts. Frankly you should
probably be glad they got CBL listed.
Matt.