Re: [opensuse] Have I been hacked or "visited"? seccheck and rkhunter outputs

On 12/24/2015 12:28 PM, Greg Freemyer wrote:

On Thu, Dec 24, 2015 at 3:11 PM, John Andersen wrote:

...

I egress filter email ports, and a few similar things at the firewall, but when your users are talking to big-mailers (google, yahoo, microsoft) it becomes almost impossible to keep a list of valid destinations up to date. Connection addresses end up being pools any you never know what IP the next connection is going to.

Lots of places simply don't let "workstations" make outbound connections to random SMTP servers.

Verizon for one doesn't allow port 25 traffic in either direction for home users.

I don't know if most companies allow random outbound POP/IMAP connections.

I can imagine that a lot of companies block those too. Users are forced to use the corporate email server.

Greg -- Greg Freemyer www.IntelligentAvatar.net

Agreed, those port 25 egress attempts are easy to block. But with Google using and others requiring (or strongly encouraging) secure connections (smtp = 465, pop3S = 995 ImapS = 993) you have other things to block, which are much harder). For those users that use Gmail/Yahoo/Hotmail, I'd rather have them using a MUA than using a browser, as I think its a bit more secure. But maybe that's just me. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org