Good Net Neighbor Phase 2

Due to the success of Phase 1 of the Good Net Neighbor (GNN) service as well as the continuing proliferation of bot-infected systems on customer networks, MOREnet Security is offering GNN Phase 2 to MOREnet members. Any MOREnet member may sign up for this voluntary, no-cost service by using their MyMOREnet account to create a help desk ticket.

GNN Phase 2 will implement access control lists to block outbound port 25 (Simple Mail Transfer Protocol, SMTP) traffic from all systems except known, designated mail servers within your organization or network. Most bots, worms and viruses have their own SMTP engines and use those engines to send spam, viruses and phishing schemes from infected machines. Blocking workstations' ability to send traffic on port 25 keeps your network from becoming "spam friendly" and makes it less likely that you will end up on a blacklist. This configuration is considered a best practice, and many commercial Internet Service Providers have implemented such services for their customers.

Note: This service is not a substitute for patching and updating machines or using anti-virus protection.

Effects of blocking port 25:

  • Hosts not on the designated servers list will not be able to send e-mail. Subscribers must provide MOREnet with an accurate and complete list of e-mail servers (and other hosts that are permitted to send e-mail using their own SMTP engines, such as student records systems and other administrative systems).

Failure to provide an accurate and complete list of e-mail servers will result in servers not on the list being unable to send e-mail. Although most systems will queue mail and attempt to deliver it later, some messages could be lost. It is imperative that customers using GNN Phase 2 examine all SMTP traffic originating from their networks to ensure that important servers don't get inadvertently blocked. MOREnet Security can assist with this analysis.

  • Some users may not be able to send e-mail using certain standalone e-mail clients. Most legitimate e-mail servers require users either to be on the same network subnet as the mail server or to authenticate to the mail server prior to relaying mail. If a server does not have these requirements, GNN Phase 2 might prevent a user from sending e-mail through servers located outside the customer network.
  • Authenticated e-mail may be sent on ports other than port 25 and will not be affected by this service. Users of the kinetic service access e-mail this way and will not be affected. For example, some services require users to establish an authenticated SSL session over port 465 or port 587. None of these services will experience issues after the implementation of GNN Phase 2.

Sites using web-based e-mail will be unaffected by GNN Phase 2.
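The review of outbound SMTP traffic described above can be scripted before the ticket is filed. The following is an added example, not MOREnet's tooling: the flow-record layout (`src_ip dst_ip dst_port protocol`), the network range, the designated server address and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed values for illustration (documentation address ranges).
CUSTOMER_NET = ipaddress.ip_network("192.0.2.0/24")
DESIGNATED_SERVERS = {ipaddress.ip_address("192.0.2.10")}

# Constructed flow records, one per line: "src_ip dst_ip dst_port protocol"
SAMPLE_FLOWS = """\
192.0.2.10 198.51.100.5 25 tcp
192.0.2.10 203.0.113.9 25 tcp
192.0.2.20 198.51.100.5 25 tcp
192.0.2.20 198.51.100.5 25 tcp
192.0.2.45 203.0.113.77 25 tcp
192.0.2.45 203.0.113.78 25 tcp
192.0.2.45 203.0.113.79 25 tcp
192.0.2.33 198.51.100.5 587 tcp
192.0.2.34 198.51.100.5 465 tcp
192.0.2.50 192.0.2.10 25 tcp
not a flow record
"""

def unlisted_smtp_senders(flow_text, customer_net, designated):
    """Return {source: {"flows": n, "destinations": set}} for internal hosts
    that sent TCP port 25 traffic out of customer_net and are not designated."""
    senders = defaultdict(lambda: {"flows": 0, "destinations": set()})
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or short lines
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            port = int(fields[2])
        except ValueError:
            continue  # skip lines that do not parse as a flow record
        if fields[3].lower() != "tcp" or port != 25:
            continue  # mail submitted on 465/587 is not covered by the block
        if src not in customer_net or dst in customer_net:
            continue  # only traffic leaving the network crosses the ACL
        if src in designated:
            continue  # already on the list given to MOREnet
        senders[src]["flows"] += 1
        senders[src]["destinations"].add(dst)
    return dict(senders)

if __name__ == "__main__":
    found = unlisted_smtp_senders(SAMPLE_FLOWS, CUSTOMER_NET, DESIGNATED_SERVERS)
    for host, info in sorted(found.items()):
        print(host, info["flows"], "flows to", len(info["destinations"]), "destinations")
```

Each host in the output is either a legitimate sender that belongs in the ticket's Additional Information field or a workstation worth checking for infection.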

If you would like to participate in this service and you understand the potential issues that are involved in blocking outbound port 25, please log on to your MyMOREnet account and select the Help Desk Ticket Management application. Click Submit a Ticket to Technical Support and create a new ticket for your organization. Set the ticket's category to Internet Security. A pop-up dialog box will appear indicating that all MyMOREnet users in your organization can view this data. Click OK. Enter text describing what you would like to have configured or paste the text below into the Describe the Problem or Request field.

I would like to sign up for Phase II of the GNN, the outbound port 25 blocking service. I am providing all known e-mail server IP addresses in the Additional Information field below. I understand that if I fail to provide you with a server address for exclusion from the block, mail from that server will not be allowed to be transmitted outside our network. Please activate my block.

In the Additional Information field, list the IP addresses of the servers that you wish to allow to send e-mail.

Once MOREnet Security receives your ticket request, you will be contacted to verify the information and to schedule a time to make the configuration changes. Once the configuration changes have been made, you will be required to send an e-mail to security@more.net (or possibly other security staff e-mail addresses) to verify that your e-mail server is still functioning.

If you have questions, contact MOREnet Security at security@more.net or (800) 509-6673.