Full Disclosure mailing list archives
Re: Proposal: how to notify owners of compromised PC's
From: petard <petard () freeshell org>
Date: Thu, 29 Jan 2004 04:19:24 +0000
On Wed, Jan 28, 2004 at 05:37:59PM -0600, Phil Brutsche wrote:
> <sending this to the list as well, since not enough people are doing the proper research>
>
>> I left my ISP about 9 months ago because they implemented this very policy. It entirely destroyed my ability to send email from my preferred address. Our SMTP setup at example.com relays mail from people claiming to be @example.com if and only if they have been authenticated using a client X.509 certificate issued by the example.com root certificate authority.
>
> Then put SMTP on a different TCP port. RFC 2476, which specifies TCP port 587 to be a message submission port for MUAs, was specifically created to address this issue.

OK. You get a cookie. You've heard of RFC 2476. Now read it and you can have another. From the RFC:

"A site MAY choose to use port 25 for message submission, by designating some hosts to be MSAs and others to be MTAs." Section 3.1 [emphasis in the original]

Because of my ISP's suddenly BROKEN service, I was no longer able to operate in this RFC-compliant manner. This is in fact our preferred mode of operation at example.com, as it allows maximum client interoperability, or did anyway... It was our only mode of operation at that time.

When this happened with my ISP, unannounced, we set the process in place to get the necessary holes punched in our firewalls and configure an extra instance of the smtp daemon on 587. This took weeks, and I still switched to a non-broken ISP. Our admins are not paid to work around ISPs who do not provide what they say they do, or suddenly and without notice stop doing so.

At any rate, blocking port 25 is a half-assed solution to a problem that needs to be solved at the MUA, not the MTA or MSA.

regards,
petard

--
If your message really might be confidential, download my PGP key here: http://petard.freeshell.org/petard.asc and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
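
A setup of the kind this message describes, as an added example that is not part of the original post and not example.com's actual configuration: one host accepts submissions on both port 25 and port 587 and relays only for clients whose X.509 certificate verifies against the site's own root CA. Postfix as the mail server, every file path and the CA file name are assumptions made for illustration.

```conf
# /etc/postfix/main.cf  (assumed MTA: Postfix; all paths are hypothetical)
smtpd_tls_cert_file = /etc/postfix/tls/mail.example.com.pem
smtpd_tls_key_file  = /etc/postfix/tls/mail.example.com.key
# Trust ONLY the site's own root CA for client certificates. If any other
# CA were listed here, its certificate holders could relay too.
smtpd_tls_CAfile    = /etc/postfix/tls/example-root-ca.pem
tls_append_default_CA = no

# Port 25 acts as both MTA and MSA (RFC 2476 section 3.1).
# TLS is optional and a client certificate is requested, not required,
# so other sites' MTAs can still deliver inbound mail.
smtpd_tls_security_level = may
smtpd_tls_ask_ccert = yes
# Relay outward only for a verified client certificate; everyone else
# may deliver to the local domains only.
smtpd_relay_restrictions =
    permit_tls_all_clientcerts,
    reject_unauth_destination

# /etc/postfix/master.cf
# Port 587 is submission only, so TLS and a client certificate are mandatory
# and anything without a verified certificate is rejected outright.
submission inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_req_ccert=yes
  -o smtpd_relay_restrictions=permit_tls_all_clientcerts,reject
```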