nmh-workers

Re: [Nmh-workers] Verizon DSL block

2010-01-22 18:24:33
Earl Hood wrote:
On January 22, 2010 at 16:26, Ken Hornstein wrote:

The port 25 block is pretty much standard for large ISPs today; it's
to prevent spammers from using massive networks of compromised PCs to
deliver spam.

Changing ports is useless unless authentication is required.
If deterring spammers is the primary goal, then ISPs can just require
authentication for customers over the standard SMTP port.

Changing to the submission port provides no benefit unless
authentication is required since spammers just tweak things to use
the submission port to send spam.

However, even with authentication, if a system is zombied, probably
would not take much for authentication credentials to be stolen by
the malware and used for sending out spam.

Most people (such as myself) who run personal mail servers have it set
up so the smtp port accepts mail for the domain, but will not forward,
and a submission port that will forward, but must be authenticated.  If
you're just listening on port 25 and 587 but do the same thing
regardless, well, you're wrong. :-)

Also, even if user X is compromised, and their account is being used to
spam the crap out of machines, then at least there's a chokepoint.
Either the admin is going to notice something unusual is up, and stop
it, or they won't and they'll one day find out they're on an RBL
somewhere, and *NO* mail is going out.

Requiring authentication on port 25 is pointless.  I say pointless
because most do anyway, allowing you to authenticate on port 25 and
relay through them.  No authentication, no relay.  Port 587 just sort of
makes it easier to separate incoming (to your systems) from outgoing
(from your systems; oddly thought of, since it's really "incoming
intended to go out").  Further, you don't want the spambot army of death
attacking port 25 trying to authenticate, and thus also blocking regular
incoming mail.  Granted, it would block incoming-intended-to-go-out
mail. :-)

Sean

-- 
Sent from the 1st Circle
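
Added example, not part of the original message: a sketch of the split described above (port 25 accepts mail for the local domain only, port 587 relays only for authenticated users) together with the per-account volume check that makes authenticated submission a chokepoint. The log format, domain names, window and threshold are assumptions made up for illustration, not output of any real MTA.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOCAL_DOMAINS = {"example.org"}   # assumption: domains this server hosts
WINDOW = timedelta(minutes=10)    # assumption: sliding window size
MAX_RCPTS = 5                     # assumption: sends allowed per user per window

# Constructed sample log in a hypothetical key=value format ("-" = no auth).
SAMPLE_LOG = """\
2010-01-22T18:00:00 port=25 user=- rcpt=sean@example.org
2010-01-22T18:00:05 port=25 user=- rcpt=victim@example.net
2010-01-22T18:01:00 port=587 user=- rcpt=friend@example.net
2010-01-22T18:02:00 port=587 user=alice rcpt=friend@example.net
""" + "\n".join(
    f"2010-01-22T18:03:{i:02d} port=587 user=bob rcpt=a{i}@example.com" for i in range(8))

def parse(line):
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def decide(rec):
    """Port 25: local delivery only, never relay. Port 587: relay only if authenticated."""
    local = rec["rcpt"].rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS
    if rec["port"] == "25":
        return "accept" if local else "reject-relay"
    if rec["port"] == "587":
        return "accept" if rec["user"] != "-" else "reject-noauth"
    return "reject-port"

def review(log):
    """Return (rejections, flagged_users) for a log in the sample format."""
    rejected, flagged, recent = [], set(), defaultdict(deque)
    for rec in map(parse, filter(None, map(str.strip, log.splitlines()))):
        verdict = decide(rec)
        if verdict != "accept":
            rejected.append((rec["rcpt"], verdict))
        elif rec["port"] == "587":
            q = recent[rec["user"]]
            q.append(rec["ts"])
            while rec["ts"] - q[0] > WINDOW:  # drop sends outside the window
                q.popleft()
            if len(q) > MAX_RCPTS:
                flagged.add(rec["user"])
    return rejected, sorted(flagged)
```

Because every relayed message on port 587 carries an account name, the burst from the constructed user `bob` is attributable to one credential that an admin can disable.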

