Hi there, I'm new here. <bait/> ;^) This thread should probably die soon, but...
At 02:31 2004-01-29 -0600, Phil Brutsche wrote: >petard wrote: . . . >>At any rate, blocking port 25 is a half-assed solution to a problem that >>needs to be solved at the MUA, not the MTA or MSA. > >Someone's irresponsible use of their MUA is not the only problem. Blocking outbound >TCP port 25 stops a virus/worm and spam problem that's caused by more than just crap >like the Mydoom variants. > >It may be "half-assed" but it's easier and more effective than getting you-know-who >to fix their sorry excuses for mail clients and/or getting end users to not be such >morons. Yes, as a quick and dirty solution it is indeed effective. And the sad, misled, blackhat-toting types wins another victory: the Net abandons yet another set of RFC requirements. ISP's strangling outbound SMTP makes me think of the Redmond way of "fixing" problems. This may be an entirely appropriate analogy since the root cause is the inbreed that plagues the Net where the vast majority of systems have the same exploitable bugs. The ability to make a direct connection from the sending MUA to the MX of the receiver is a critically important feature for at least two reasons that has not been mentioned in this thread: - Sensitive information you don't want lying around in a third party mail spool (if I was opposing the dictatorship, I would certainly not want them to trawl for my mails at a convenient central mail hub). - Nomadic users may in certain situations not even know which is their upstream provider accepted mail relay. Relentlessly reconfiguring your MUA's SMTP using wild guesses of working mail relay names is not my kind of fun, and I don't think I'm alone using CygWin on my "Corporate Standards Compliant" notebook just to run a reasonably respectable and dependable MTA for my mail routing. It is noteworthy that telia.com loudly announced that they would block outgoing SMTP, but rather quietly ceased doing so. The period of SMTP block must have been very brief, since I can't recall it ever affecting me, and at the time telia.com was my sole access. They do however scan mails that passes their servers, replacing positives with notifiers and a copy of the headers of the deleted mail and instructions on how to circumvent the scanning should the positive be a false one. Cheers, -- . /Ake Nordin +46704-660199 [EMAIL PROTECTED] Duston Sickler: "There are only 10 types of people in the world, those who understand binary and those who don't." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html