nanog mailing list archives
Re: Transparent hijacking of SMTP submission...
From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Fri, 28 Nov 2014 05:40:03 +0530
Yes. Till that hotspot's IP space gets blackholed by a major freemail because of all the Nigerians and hijacked devices emitting bot traffic through stolen auth credentials. There's other ways to stop this but they take actual hard work and rather more gear than a rusted up old ASA you pull out of your closet as like as not.

On Nov 28, 2014 2:10 AM, "Mark Andrews" <marka () isc org> wrote:

> Which is why your MTA should always be set up to require the use of STARTTLS. Additionally the CERT presented should also match the name of the server. There is absolutely no reason for an ISP / hotspot to inspect submission traffic. The "stopping spam" argument doesn't wash with submission.
>
> Mark
>
> In message <54778167.7080808 () bogus com>, joel jaeggli writes:
>
>> I don't see this in my home market, but I do see it in someone else's... I kind of expect this for port 25 but...
>>
>> J@mb-aye:~$telnet 147.28.0.81 587
>> Trying 147.28.0.81...
>> Connected to nagasaki.bogus.com.
>> Escape character is '^]'.
>> 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014 19:17:44 GMT
>> ehlo bogus.com
>> 250-nagasaki.bogus.com Hello XXXXXXXXXXXXXXX.wa.comcast.net [XXX.XXX.XXX.XXX], pleased to meet you
>> 250 ENHANCEDSTATUSCODES
>>
>> J@mb-aye:~$telnet 2001:418:1::81 587
>> Trying 2001:418:1::81...
>> Connected to nagasaki.bogus.com.
>> Escape character is '^]'.
>> 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014 19:18:33 GMT
>> ehlo bogus.com
>> 250-nagasaki.bogus.com Hello [IPv6:2601:7:2380:XXXX:XXXX:XXXX:c1ae:7d73], pleased to meet you
>> 250-ENHANCEDSTATUSCODES
>> 250-PIPELINING
>> 250-8BITMIME
>> 250-SIZE
>> 250-DSN
>> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
>> 250-STARTTLS
>> 250-DELIVERBY
>> 250 HELP
>>
>> that's essentially a downgrade attack on my ability to use encryption which seems to be in pretty poor taste frankly.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka () isc org
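Added example, not part of the original message or of any poster's code: it parses the two EHLO replies quoted above, lists the extensions missing from the IPv4 session, and shows a submission client that refuses to authenticate unless STARTTLS is offered and the certificate matches the server name. The function names are illustrative assumptions.

```python
import smtplib
import ssl

# EHLO replies copied from the telnet sessions quoted above (redactions as posted).
OVER_IPV4 = """250-nagasaki.bogus.com Hello XXXXXXXXXXXXXXX.wa.comcast.net [XXX.XXX.XXX.XXX], pleased to meet you
250 ENHANCEDSTATUSCODES"""
OVER_IPV6 = """250-nagasaki.bogus.com Hello [IPv6:2601:7:2380:XXXX:XXXX:XXXX:c1ae:7d73], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP"""

def ehlo_extensions(reply):
    """Return the set of extension keywords in a multi-line 250 EHLO reply."""
    exts = set()
    for line in reply.strip().splitlines()[1:]:  # line 0 is the greeting
        line = line.strip()
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        words = line[4:].split()
        if words:
            exts.add(words[0].upper())  # keyword only; parameters are dropped
    return exts

def stripped_extensions(reference, observed):
    """Extensions present in a known-good reply but absent from the observed one."""
    return sorted(ehlo_extensions(reference) - ehlo_extensions(observed))

def open_submission(host, port=587, timeout=10):
    """Connect to a submission port; fail closed if TLS cannot be negotiated."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    s = smtplib.SMTP(host, port, timeout=timeout)
    try:
        s.ehlo()
        if not s.has_extn("starttls"):
            raise RuntimeError("STARTTLS not offered; refusing to send credentials")
        s.starttls(context=ctx)  # raises ssl.SSLCertVerificationError on a name mismatch
        s.ehlo()  # capabilities must be re-read inside the TLS session
        return s
    except Exception:
        s.close()
        raise
```

Calling `stripped_extensions(OVER_IPV6, OVER_IPV4)` shows that STARTTLS and AUTH are both gone from the IPv4 reply, which is the condition `open_submission` treats as fatal.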