All quiet?

Alisdair Davey ard at
Tue May 20 20:05:53 IST 2008

> > Managed to hack together an internet connection at the hospital, despite 
> > them blocking all non-web ports and running a Websense box looking for 
> > HTTP traffic on everything else. Fortunately, like good little 
> > sys-admins, they left 22 open for their own benefit. Oh, what a mistake :-)
> > I've now got SMTP running over 443, and full unrestricted web access 
> > tunneled over SSH on 22. Amazing what you can do with an SMTP server and 
> > a squid at work :-)
> I'm glad you are on our side ;^)

So I start work at this new place doing my day job (you know average rocket
science stuff) and a junior sysadmin (you know the kind, the new breed that
doesn't wear sandals with odd colored socks) stops by and we talk about
setting up my machine and I ask about using external mail servers (as you
do) and he goes proudly 'Oh no, we block port 25 to everything except our
local mail server.' Ok 'no problem', says I cheerily 'I'll just use port 26
instead.' Stutters...'I don't think mail works like that'. Says I 'actually
you can run a mailserver on any port you like, just don't expect the world
to find you if you don't run one on port 25. I use both 25 and 26 so my
clients who are behind brain dead ISPs can use a real mailserver (TM).' and
I do a telnet to port 26 on my machine to show him. *cough* *splutter*
(maybe some apoplexy too :) 'Oh I didn't know you can do that. Maybe we
should block port 26 too.' 'Well you can', I said wondering why they aren't
running a DENY ALL then ALLOW only what you need kinda firewall but I
figured that bit of philosophy might be a bit too much for him, 'but you do
allow outgoing ssh don't you?' 'Yes of course' ... and I point you back to
Julian's most excellent comment above. Maybe I'll buy junior one blue and
one red sock for Christmas...

Alisdair Davey                                    ard at 
Pergamentum Solutions
