On Wed, Jan 28, 2004 at 09:20:24PM +0100, Thomas Zangl - Mobil wrote: > As I said before, the ISP _HAS_ to provide an alternative mail relay, open > for every FROM address the user whishes to use. (If it?s legal or not thats > another point). If you really need access to YOUR smtp server, it should > be possible to configure your MTA to listen to an alternative port than > 25 too. I use this kind of setup for myself as I?m "smtp firewalled" the > way I?ve described above. > You don't understand. My organization (example.com) has its MTAs configured such that we ONLY accept mail claiming to be FROM example.com if it is relayed by MSAs which ONLY accept mail from our users, who can only connect to those using TLS connections which are authenticated using X.509 certificates. I cannot send mail to someone at example.com from my example.com address using any other party's server. It was not *difficult* to configure the various MSAs to listen on alternate ports as well, nor to open the firewalls such that the clients could connect there. But it had to clear a change control process which has some lead time to it.
And I had to waste my time and my admin's time working around my ISP. > The benefit (in my opinion) would be greater, in my enviroment, then the > loss of freedom individual users will suffer. In case of static IP?s ISPs might > be able to offer exceptions. Unless we fix the clients, the benefit will not be there long term. You *might* see spam confined to spam-friendly ISPs and therefore more easily filtered, but you will not see less malware. There are too many other vectors, and ISPs may not legally be able to virus-check every message they transmit. (They'd certainly *risk* their common carrier status by performing this filtering.) We'll just have malware going through ISP servers, proxies, kazaa, etc. as so much of it already does. regards, petard -- If your message really might be confidential, download my PGP key here: http://petard.freeshell.org/petard.asc and encrypt it. Otherwise, save bandwidth and lose the disclaimer. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
