On 3/28/23 11:07 AM, Al Iverson via mailop wrote:
You're sort of trying to argue me out of agreeing with you. Here's the parallels I see.

?

A Sendmail server so old that it can only be an open relay. Block it proactively? Or block it only after it has been exploited?

1st, I said /contemporary/ Sendmail.  ;-)

An Exchange server so old that it HAS to be vulnerable to XYZ spam relay exploit. Block it proactively? Or block it only after it has been exploited?

I think both of them are /only/ /block/ /after/ it has been exploited.

The fact that it is exploitable does not mean, much less guarantee, that it will be exploited.

Consider an ancient NT 4.0 w/ Exchange 5.5 and line of business application that is only used from the physical console to look up old records in said LoB application. It's behind multiple levels of stateful packet inspecting firewalls from multiple vendors.

Consider a /contemporary/ *nix system running a /contemporary/ version of Sendmail that is only bound to localhost and used to send email updates from a sensor attached to a USB port.

I view both of those systems as being very nearly impossible to exploit in the way that I think you are talking about.

/What/ /have/ /these/ /systems/ /done/ to warrant being blocked? N.B. one is ~25 years old and the other is ~25 weeks old.

/How/ are you going to differentiate between SMTP from Exchange 5.5, SMTP from /contemporary/ Sendmail, and SMTP from MS-O365?

I think that it's very audacious to say that SMTP from software older than X number of Y units.

Who sets the X number and Y units?

I find it a "grey area" because it feels wrong at some level to block without evidence of being exploited.

As well it should.

Which is what I thought your point was.

Yes.

But we're all debating for debate club's sake. Who gives a shit what we think? It's not our call. Their server, their rules.

We, as an email industry decide what we collectively think.

Hopefully what we as an industry collectively think has some influence on what Microsoft decides to do with their servers.

I'm going to spend only the TINIEST amount of time shaking my fist at the sky.

I feel like we all should do more than that.

There are many parallels throughout history.

There was an episode of MacGyver /many/ years ago where a comment was made about killing an individual ant. It's not the one ant that's the problem. It's the millions of its relatives that are coming to the funeral that are the problem.

Our collective voice as (part of) the email industry is those millions of relatives coming to the funeral. We /collectively/ put the fear into the person that kills us individually.



--
Grant. . . .
unix || die


_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
