Full Disclosure mailing list archives
RE: Proposal: how to notify owners of compromisedPC's
From: "Remko Lodder" <remko () elvandar org>
Date: Wed, 28 Jan 2004 21:27:33 +0100
indeed i also object to these issues, i dont want to be dependant on my ISP when it comes to sending email from my domains, i want to send and block whoever i want to block, and i want the ability host these stuff myself on my home ADSL line. currently my users can only use webmail, so no relaying can be done from my machines. Other options must be thought off ;) cheers -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene -----Oorspronkelijk bericht----- Van: full-disclosure-bounces () lists elvandar org [mailto:full-disclosure-bounces () lists elvandar org]Namens petard Verzonden: woensdag 28 januari 2004 19:37 Aan: Thomas Zangl - Mobil CC: full-disclosure () netsys com Onderwerp: Re: [Full-Disclosure] Proposal: how to notify owners of compromisedPC's On Wed, Jan 28, 2004 at 05:19:08PM +0100, Thomas Zangl - Mobil wrote:
A working solution (practiced at the TU Graz / Austria) would be an open mail relay for every user in the ISPs address space and block all outgoing connections to port 25. The users will be forced to use the ISPs relay and can?t send out virii/[apply your favorite filter rule here] etc...
Sorry for a borderline off-topic reply, but I'm cc-ing the list so this is in the archives, in case any stupid ISP reads this and thinks it's a good idea. It isn't. I left my ISP about 9 months ago because they implemented this very policy. It entirely destroyed my ability to send email from my preferred address. Our SMTP setup at example.com relays mail from people claiming to be @example.com if and only if they have been authenticated using a client X.509 certificate issued by the example.com root certificate authority. The mechanism for achieving this is to connect to smtp.example.com, port 25, and use the STARTTLS command after the EHLO, as described in RFC 3207. The policy you describe broke this, and therefore prevented me from sending mail to my cohorts at example.com. The ISP would not make an exception, so I left. I was not the only one. regards, petard -- If your message really might be confidential, download my PGP key here: http://petard.freeshell.org/petard.asc and encrypt it. Otherwise, save bandwidth and lose the disclaimer. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-disclosure mailing list Full-disclosure () lists elvandar org http://lists.elvandar.org/mailman/listinfo/full-disclosure _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Proposal: how to notify owners of compromisedPC's Remko Lodder (Jan 28)
- <Possible follow-ups>
- Re:Proposal: how to notify owners of compromisedPC's Thomas Zangl - Mobil (Jan 28)
- Re:Proposal: how to notify owners of compromised PC's Erik van Straten (Jan 28)