All quiet?

> > Managed to hack together an internet connection at the hospital, despite 
> > them blocking all non-web ports and running a Websense box looking for 
> > HTTP traffic on everything else. Fortunately, like good little 
> > sys-admins, they left 22 open for their own benefit. Oh, what a mistake :-)
> > I've now got SMTP running over 443, and full unrestricted web access 
> > tunneled over SSH on 22. Amazing what you can do with an SMTP server and 
> > a squid at work :-)
> I'm glad you are on our side ;^)

So I start work at this new place doing my day job (you know average rocket
science stuff) and a junior sysadmin (you know the kind, the new breed that
doesn't wear sandals with odd colored socks) stops by and we talk about
setting up my machine and I ask about using external mail servers (as you
do) and he goes proudly 'Oh no, we block port 25 to everything except our
local mail server.' Ok 'no problem', says I cheerily 'I'll just use port 26
instead.' Stutters...'I don't think mail works like that'. Says I 'actually
you can run a mailserver on any port you like, just don't expect the world
to find you if you don't run one on port 25. I use both 25 and 26 so my
clients who are behind brain dead ISPs can use a real mailserver (TM).' and
I do a telnet to port 26 on my machine to show him. *cough* *splutter*
(maybe some apoplexy too :) 'Oh I didn't know you can do that. Maybe we
should block port 26 too.' 'Well you can', I said wondering why they aren't
running a DENY ALL then ALLOW only what you need kinda firewall but I
figured that bit of philosophy might be a bit too much for him, 'but you do
allow outgoing ssh don't you?' 'Yes of course' ... and I point you back to
Julian's most excellent comment above. Maybe I'll buy junior one blue and
one red sock for Christmas...

