nanog mailing list archives
Re: Time to check the rate limits on your mail servers
From: Todd Vierling <tv () duh org>
Date: Thu, 3 Feb 2005 14:36:30 -0500 (EST)
On Thu, 3 Feb 2005, Jason Frisvold wrote:
> > > prevents zombies from spamming. Unfortunately, it also blocks legitimate users from being able to use SMTP AUTH on a remote server..
> >
> > There's a *reason* why RFC2476 specifies port 587....
>
> I assume you're referring to the ability to block port 25 if 587 is used for submission. This is great in theory, but if this were the case, then the Trojan authors would merely alter their Trojan to use port 587.

If they authenticate. Modulo a stupidity built-in to Sendmail (that Claus Assman ignorantly thinks is a non-issue[*]), port 587 is not supposed to be used for endpoint MTA delivery. It's a mail SUBMISSION port, which is supposed to mean that J. Random Client isn't supposed to use it for delivery purposes.

===

[*] As of now, Sendmail doesn't require one of SMTP AUTH auth by default on the MSA port; it treats 25 and 587 identically (so that things like IP-based relay auth work without need for SMTP AUTH). I sent an m4-only change to the Sendmail maintainers implementing a way to make 587 allow only relay-authorized clients to send anything at all by default -- whether IP-based relay auth, or SMTP AUTH, or any other method built in to the relay-check code path. It was shot down by Claus because he simply doesn't understand the issue and doesn't think identical 25 and 587 ports is a threat.

-- 
-- Todd Vierling <tv () duh org> <tv () pobox com>
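
A check an operator can run against their own submission port to see whether it behaves like port 25, as the footnote above describes. This is an added example, not part of the original message; the function names, verdict strings and the `FakeMSA` stand-in are assumptions introduced here.

```python
import smtplib

def classify_msa(smtp, sender="probe@example.invalid"):
    """Classify an already-connected SMTP-like object.

    Sends EHLO and an unauthenticated MAIL FROM, then RSET; no message
    is ever submitted.
    """
    smtp.ehlo()
    # Note: many servers advertise AUTH only after STARTTLS, so this can be
    # False on a plaintext probe even when AUTH is available.
    offers_auth = smtp.has_extn("auth")
    code, _ = smtp.docmd("MAIL", "FROM:<%s>" % sender)
    smtp.docmd("RSET")
    if code == 530:                      # RFC 4954: authentication required
        return "enforced"
    if 200 <= code < 300:                # MAIL accepted with no credentials
        return "auth-optional" if offers_auth else "open-like-port-25"
    return "refused-other:%d" % code     # some other policy refusal

def check_host(host, port=587, timeout=10):
    """Probe a real server you operate; QUIT is sent on exit."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        return classify_msa(s)

class FakeMSA:
    """Constructed stand-in for a server, used only for the offline demo."""
    def __init__(self, mail_code, auth):
        self.mail_code, self.auth = mail_code, auth
    def ehlo(self):
        return (250, b"ok")
    def has_extn(self, name):
        return self.auth and name == "auth"
    def docmd(self, cmd, args=""):
        return (self.mail_code if cmd == "MAIL" else 250, b"")

if __name__ == "__main__":
    # Constructed cases: a port that demands AUTH, and one that does not.
    print(classify_msa(FakeMSA(530, True)))
    print(classify_msa(FakeMSA(250, True)))
```

A verdict of `auth-optional` or `open-like-port-25` on port 587 means the port accepts an unauthenticated envelope sender; whether relaying is then allowed still depends on the server's relay checks.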