Re: [exim] automatically blacklisting clients that fail SMTP…

Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] automatically blacklisting clients that fail SMTP authentication
Lena@??? wrote:
>> From: W B Hacker
>
>>> The checks in rcpt - for spamming from trojaned windozes in LAN and
>>> using passwords stolen with trojans.
>
>> IF 'in LAN' really does mean 'Local...' and taking as a given that
>> protecting WinDoze from infection is not possible and never will be,
>>
>> - could you instead operate internally on ONLY a non-standard submission
>> port and protocol such that 'house configured' MTA would work, but bots
>> assuming 25, 465, 587 and their respective protocols would not even FIND
>> the 'real' submission port?
>
> Bots needn't assume. In order to send via a relay, a bot needs
> to know the relay's hostname. How can the bot know the hostname?
> By looking into Outlook Express (or Outlook, or Microsoft Internet Mail)
> settings. There is the port number there too.
> Along with login and password if they are required.


I'll take the WinWoes vulnerability as a given.

> So I don't see a difference at which port Exim accepts submissions.


SOME difference. Not all bots are created equal.

Historically, far more operated a port-25-seeking smtp engine of their
own than were able to find credentials and emulate an MUA.

I'll also take as a given that that has shifted.

Fortunately, we have no need to support 'permanent' WinClients here -
but the code you posted may still be of interest in an acl_not_smtp acl
applied to webmail if/as/when folks are on a temporary machine.

> I have set up my Exim to listen on two ports (25 and another)
> only because my old ISP blocked port 25.
>


As they should do.

Smart folks, and they'll probably not be among the 18 Ukrainian .tld I
hard block who DON'T try to curb the worst of their WinBots.

No Geo-IP blocks here, though. (hint, hint)

Even for Chinese CIDR /8 ranges, I don't firewall-block ALL of their
carriers.. most are government and university ones that are such chronic
serial abusers I begrudge the wasted b/w and log bytes.

I may be a hard-a**, but I am a SELECTIVE hard-a**

;-)


Bill
--
韓家標