Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0
2007-03-04 13:21:04
On 4-Mar-07, at 2:18 PM, <gep2(_at_)terabites(_dot_)com> <gep2(_at_)terabites(_dot_)com> wrote:

> > Simple question... *WHY WAS THE ROUTER/GATEWAY NOT BLOCKING PORT
> > 25 TO/FROM ALL MACHINES EXCEPT AUTHORIZED INTERNAL MTAS* ??? If your
> > client had taken that one simple step, none of this would've happened.
>
> Several issues there.
>
> First, they have at least three or four internal machines (out of
> only about 15) running mail servers. (These servers were basically
> used as a speed buffer/queue for outgoing mail only).

Jeez - how much email does this 15 person company send??? A
reasonable mail server can handle a million mails an hour - just how
much "speed" do they need?

> Third, the primary machine involved with their infection was in
> fact one of the machines running not just a mail server, but a
> critical app which does legitimately send E-mails as a key part of
> its job.

So let's get this straight - the mail server was being used as a
desktop machine? I see no other way it could have been infected with
a spam trojan than someone happened to be using it as a desktop.

I'm sorry this happened to the company you administer, but clearly it
has taught you some really important lessons about corporate network
security that you can apply to future contracts. Frankly you should
probably be glad they got CBL listed.

Matt.