Autor: W B Hacker Data: A: exim users Assumpte: Re: [exim] automatically blacklisting clients that fail
SMTPauthentication
Lena@??? wrote: >> From: W B Hacker
>
>>> The checks in rcpt - for spamming from trojaned windozes in LAN and
>>> using passwords stolen with trojans.
>
>> IF 'in LAN' really does mean 'Local...' and taking as a given that
>> protecting WinDoze from infection is not possible and never will be,
>>
>> - could you instead operate internally on ONLY a non-standard submission
>> port and protocol such that 'house configured' MTA would work, but bots
>> assuming 25, 465, 587 and their respective protocols would not even FIND
>> the 'real' submission port?
>
> Bots needn't to assume. In order to send via a relay, a bot needs
> to know the relay's hostname. How the bot can know the hostname?
> By looking into Outlook Express (or Outlook, or Microsoft Internet Mail)
> settings. There is the port number there too.
> Along with login and password if they are required.
I'll take the WinWoes vulnerability as a given.
> So I don't see a difference at which port Exim accepts submissions.
SOME difference. Not all bots are created equal.
Historically, far more operated a port-25-seeking smtp engine of their
own than were able to find credentials and emulate an MUA.
I'll also take as a given that that has shifted.
Fortunately, we have no need to support 'permanent' WinClients here -
but the code you posted may still be of interest in an acl_not_smtp acl
apllied to webmail if/as/when folks are on a temporary machine.
> I have set up my Exim to listen on two ports (25 and another)
> only because my old ISP blocked port 25.
>
As they should do.
Smart folks, and they'll probably not be among the 18 Ukrainian .tld I
hard block who DON'T try to curb the worst of their WinBots.
No Geo-IP blocks here, though. (hint, hint)
Even for Chinese CIDR /8 ranges, I don't firewall-block ALL of their
carriers.. most are government and university ones that are such chronic
serial abusers I begrudge the wasted b/w and log bytes.
I may be a hard-a**, but I am a SELECTIVE hard-a**
