Re: [exim] Report of new spam technique

Author: Edgar Lovecraft
Date:  
To: Exim users list
Subject: Re: [exim] Report of new spam technique
Alan J. Flavell wrote:
>
> On Sat, 5 Feb 2005, David Daniels wrote:
>
> > There may be some good news.
> [..]
> > Recently SWBELL has begun to block port 25 outbound from their
> > networks. I have no idea if any other Bell applied the same rule.
> > One could hope :)
> >
> Cox Internet has been blocking outbound port 25 from their network
> for a long time.


Unfortunately, I have to say that Cox does little more than give lip
service to their own statements of blocking outbound TCP 25; I am
a Cox cable customer and I can connect just fine, always have been able
to. I do know that Cox does block TCP 25 traffic in some locations,
just not all as they say they do.

For example....
220 sesame.csx.cam.ac.uk ESMTP Exim 4.44 Sun, 06 Feb 2005 01:09:05 +0000
HELO I-AM-FROM-COX.COX.Net
250 sesame.csx.cam.ac.uk Hello ip68-103-137-139.ks.ok.cox.net [68.103.137.139]


> But those customers /do/ presumably already have a way to submit bona
> fide mail; all that it takes is that the spammers find a way to subvert
> their computer (I nearly said "PC") into submitting the spam via the
> /same/ mechanism.


Yes, we do have a way to submit bona fide mail, and we can do so without
authentication. As to the statement from another posting about ferreting
out a user's password, that can be done, but it still takes even more
work for them, and makes it easier for an ISP to track what user
has a problem. Like I always say, blocking things, and forcing ASMTP
and/or encrypted SMTP does not stop anyone who tries hard enough, but it
does slow them down some, and gives even more info for people to track
down.

> The days of viruses coming with their own port-25 SMTP engine are
> clearly measured; but other techniques are already spreading.
> There's a dominant vendor who has a long history of making things easy
> that ought to remain hard - such as multifarious ways of executing code
> supplied by an untrusted sender. They've recently shown some signs of a
> change of heart, but I'm reserving judgment till I see how it works
> out. And no matter how good the technology, there's always the social
> engineering approach.
>

.[snip]...
>


I agree :) but again, anyone who is that dedicated can always find a
way around things.

--

--EAL--

--