On 7/28/2014 4:56 PM, Brian wrote: > On Mon 28 Jul 2014 at 16:05:11 -0400, Jerry Stuckle wrote: > >> On 7/28/2014 1:16 PM, Brian wrote: >> >>> All my mail from home is sent directly using exim which, as far as I can >>> make out will only send on port 25. Leaving aside what you say below (my >>> ISP does not block outgoing port 25 traffic) I should not be affected? >>> >> >> Exim can use other ports also. It's all in the configuration. (but >> sorry, I do not have enough expertise to tell you exactly how to do it). > > Exim will definitely *receive* mail on multiple ports; that much I do > know. Sending on other than port 25 would appear to contradict the idea > that MTAs only communicate over port 25. But I'll look into it. >
Yes and no. There is also an concept of "smart host" (I don't know if this is exim only), where all outgoing mail is routed through a different host. It's quite often used in large companies, for instance, where an MTA receives all mail from users and delivers locally. This server is not directly accessible via the internet; rather another MTA handles all traffic in and out of the network. But the main thought here is - you shouldn't be running a local mail server on a residential account. There really is no need for it (business accounts are different). >>> So, in world where every ISP blocks outgoing port 25 connections the >>> delivering of one's own mail becomes impossible. The flow of spam and >>> malware across the net will continue to increase though, I suppose. >> >> No, it just means you need to connect to a mail server via port 587, >> then have it send the email. > > If exim cannot send over port 587......... And how do I know the mail > server I'm connecting to is accepting on port 587? I don't think mine > does; I'll have to check. I'm provisionally of the same opinion as > expressed above; the flow of communication is controlled. > I never said Exim cannot send over port 587. In fact, I said just the opposite. I just don't know enough about Exim configuration to provide the details. But then if you have residential service, there really is no need to have your own MTA (other than you want it). And even if you do have your own MTA, it doesn't help that much. When you send a message, all your MTA can do is tell you if the message was accepted by the destination MTA. Using a remote MTA will do the same thing. One other thing - if you have a dynamic IP address, none of the servers I maintain will ever accept your email. Dynamic IPs are specifically blocked due to spam problems. That is also becoming more and more common. >> If spammers can't use compromised machines, it severely limits the >> number of servers they can use. And since an IP can be blacklisted if >> too much spam is sent through it, responsible hosting companies and ISPs >> (i.e. those who don't wish to be blacklisted) will limit the number of >> messages which can be sent per time unit and/or terminate accounts for >> sending spam. A user on a compromised machine, though, wouldn't know >> their system was blacklisted and probably wouldn't care. >> >> Just another way to help protect unsuspecting users from themselves. > > I don't need or want protecting from myself. I'll go to hell in my own > way. :) > > The problem is it's not YOU who suffers if your machine is compromised. It is the rest of the internet. Jerry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53d6bb34.6000...@attglobal.net