Re: [exim] Report of new spam technique

Author: Edgar Lovecraft
Date:  
To: exim
Subject: Re: [exim] Report of new spam technique
Bill Hacker wrote:
>

..[snip]...
>
> So; I am still looking for the 'smoking gun' w/r ISP relay
> vulnerability.
> Spammers may be trying harder, but so are the rest of us.
> We have the advantage of operating in the open, cooperatively, and with
> a better 'trust' model.
>
> Ergo, the article(s) still look(s) like sensationalism and FUD to me.
> But I remain paranoid enough to ask 'what have I missed', what do we
> need to now change // make sure we have already changed // do not forget
> to check ..... to stop such a risk?
>


The article is sensationalistic, but the 'problem' is that most ISPs
do not force their users to use ASMTP, let alone use encryption for
the SMTP transaction. So... it is really easy to fix, ISPs just need
at the very least, to move from IP based relaying to authenticated relay,
or authenticated relay only from their IP ranges, etc. Add that to
restricting the client IP ranges connecting on TCP 25 outside the ISP
network, and we can 'correct' most of the zombie machine behavior.

I believe that come a few years from now, there very well could be some
ISPs that choose to run 'open' systems and networks that get entirely
blacklisted just because they refuse to help clean up the erroneous
traffic.

--

--EAL--

--
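
The change described in the message above, from IP-based relaying to authenticated relay restricted to the ISP's own ranges, could look like this in an Exim configuration. This is an added example, not part of the original post or the Exim project's shipped configuration. The list name `customer_nets` and the 192.0.2.0/24 range are constructed placeholders, and it assumes a TLS certificate and at least one authenticator are configured elsewhere in the file.

```exim
# Main section (fragment). All addresses below are constructed samples.
domainlist local_domains = @
hostlist   customer_nets = 192.0.2.0/24

# Offer STARTTLS to everyone, but advertise AUTH only once the session
# is encrypted, so relay credentials are never sent in clear text.
tls_advertise_hosts  = *
auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # BEFORE (IP-based relaying): any machine inside the range may relay,
  # which includes a compromised customer PC.
  #
  # accept  hosts = +customer_nets

  # AFTER: relay only for sessions that are both inside the ISP's
  # ranges and authenticated. Both conditions must hold.
  accept  hosts         = +customer_nets
          authenticated = *
          control       = submission

  # Everyone else may only hand us mail for domains we host.
  require message = relay not permitted
          domains = +local_domains

  require verify = recipient

  accept
```

With the single `accept hosts = +customer_nets` line replaced by the combined `hosts` and `authenticated` conditions, an unauthenticated session from inside the range falls through to the `relay not permitted` check, which is the rejection a defender should expect to see in the reject log for zombie traffic.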