* Wakko Warner wrote on 21.09.04 at 03:41:
> Keep me in CC.
>
> > > If I ran an ISP's mail server, I would:
> > > 1) disallow connections to port 25 from my customers
> > > 2) have my customers use port 587 (MSA), require authentication, and only
> > > allow the sender to be the authenticated sender (to prevent spoofing.
> > > NULL senders would be ok)
> > > 3) port 25 would never relay under any circumstances (that is excluding
> > > domains that I mx for)
> > > 4) deny access to port 25 to the internet from my customers. I would allow
> > > this for dedicated (static IP) users so they could host their own server.
> > > however, they would be responsible for security of their system (i.e. no
> > > open relay)
> > >
> > > Ok, you may ask why I'd do #1. Simple, it would stop virus email from ever
> > > being sent out from a customer. The exception is the virus that uses the
> > > user's MUA. If the user does not store their password, no problem. #4
> > > would prevent an emailing virus from spreading (given what I stated before)
> >
> > And what about viruses having their own SMTP engine?
>
> That was the idea. It would stop those cold.
>
> If the virus can't contact any server via port 25, how will it spread via
> email with its own engine? That's basically what 1 and 4 were for (I guess
> 3 would add to it).
Ok then you have to block port 25 at your firewall. Maybe I
misunderstood you. I thought you wanted to block port 25 at your MTA
server...
-Marc
--
****************************************************
* (morganj): 0 is false and 1 is true, correct? *
* (alec_eso): 1, morganj *
* (morganj): bastard. *
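
Added example, not part of the thread: a small Python model of the four rules that reports which enforcement point (border firewall or MTA) decides each SMTP flow, which is the distinction the reply above turns on. The addresses, domain, and names (`Flow`, `decide`) are constructed for illustration, and treating static-IP customers like any Internet host when they reach the ISP's port 25 is an assumption.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (documentation address ranges), not from the thread.
DYNAMIC = ipaddress.ip_network("198.51.100.0/24")  # ordinary customers
STATIC = ipaddress.ip_network("203.0.113.0/24")    # dedicated static-IP customers
ISP_MTA = "192.0.2.25"                             # the ISP's mail server
MX_DOMAINS = {"isp.example"}                       # domains the ISP is MX for

@dataclass
class Flow:
    src: str
    dst: str
    port: int
    auth_user: str = ""    # authenticated identity on 587, "" if none
    mail_from: str = ""    # envelope sender, "" is the null sender
    rcpt_domain: str = ""

def decide(f):
    """Return (allowed, enforcement point, reason) for one SMTP flow."""
    dynamic = ipaddress.ip_address(f.src) in DYNAMIC
    if f.dst != ISP_MTA:
        # The ISP's MTA never sees this connection, so only the border
        # firewall can stop a virus that ships its own SMTP engine.
        if f.port == 25 and dynamic:
            return (False, "firewall", "rule 4: no direct port 25 to the Internet")
        return (True, "firewall", "not restricted")
    if f.port == 25:
        if dynamic:
            return (False, "firewall", "rule 1: customers may not use port 25")
        # Assumption: static-IP customers are treated like any Internet host here.
        if f.rcpt_domain in MX_DOMAINS:
            return (True, "mta", "rule 3: delivery to domains we MX for")
        return (False, "mta", "rule 3: port 25 never relays")
    if f.port == 587:
        if not f.auth_user:
            return (False, "mta", "rule 2: authentication required")
        if f.mail_from not in ("", f.auth_user):
            return (False, "mta", "rule 2: sender must be the authenticated user")
        return (True, "mta", "rule 2: authenticated submission")
    return (True, "firewall", "not a mail port")
```
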