nanog mailing list archives

Re: anybody else been spammed by "no-ip.com" yet?

From: Marc MERLIN <marc_news () valinux com>
Date: Sat, 11 May 2002 15:23:28 -0700


On Fri, May 10, 2002 at 11:27:10AM +1000, Terence Giufre-Sweetser wrote:

Now there's a good idea, and it works, I have several sites running a
"port 25" trap to stop smtp abuse.

To stop port 25 abuse at some schools, the firewall grabs all outgoing
port 25 connections from !"the mail server", and to !"the mail server",
and runs then via "the mail server", which stops header forging, mass rcpt
to: abuse, and vrfy/expn probing. Anything that goes past the filters has
a nice clear and traceable received by: line.


I'm not sure what's so swell with this.
I require  SMTP AUTH  over SSL  with STARTTLS  (exclusively), and  this nice
little hijack scheme makes for great support calls.

They  steal the  SMTP connection,  and then  are enable  to provide  the SSL
connection and our server certificate (obviously), so the connection fails.

Yes, the  "solution" is to pick  a different non standard  port, which comes
with its own set  of problems (not counting mail clients  that are unable to
use a different port), but I'd much rather that they do not hijack my client
connections  (blocking open  relays  and  DUL IPs  works  just  fine if  you
choose/need to do that)

Marc
-- 
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
  
Home page: http://marc.merlins.org/   |   Finger marc_f () merlins org for PGP key

Current thread:

Re: anybody else been spammed by "no-ip.com" yet?, (continued)
- - - Re: anybody else been spammed by "no-ip.com" yet? Mike Joseph (May 06)
    - Re: anybody else been spammed by "no-ip.com" yet? Marc MERLIN (May 06)
    - Re: anybody else been spammed by "no-ip.com" yet? Scott Francis (May 07)
    - Sample Internet SLAs Darrell Kristof (May 07)
    - Re: anybody else been spammed by "no-ip.com" yet? todd glassey (May 05)
    - Re: anybody else been spammed by "no-ip.com" yet? Terence Giufre-Sweetser (May 09)
    - Re: anybody else been spammed by "no-ip.com" yet? Joel Baker (May 09)
    - Re: anybody else been spammed by "no-ip.com" yet? Jim Hickstein (May 09)
    - Re: anybody else been spammed by "no-ip.com" yet? David Charlap (May 10)
    - Re: anybody else been spammed by "no-ip.com" yet? Stephen J. Wilcox (May 10)
    - Re: anybody else been spammed by "no-ip.com" yet? Marc MERLIN (May 11)
    - Re: anybody else been spammed by "no-ip.com" yet? Johannes B. Ullrich (May 04)
    - Re: anybody else been spammed by "no-ip.com" yet? Forrest W. Christian (May 04)
    - Re: e-postage yet again, was anybody else been spammed by "no-ip.com" yet? John R. Levine (May 04)
    - Re: e-postage yet again, was anybody else been spammed by "no-ip.com" yet? Nathan J. Mehl (May 05)
    - Re: e-postage yet again, was anybody else been spammed by "no-ip.com" yet? Valdis . Kletnieks (May 05)
    - Re: e-postage yet again, was anybody else been spammed by "no-ip.com" yet? Nathan J. Mehl (May 05)
    - Re: anybody else been spammed by "no-ip.com" yet? Steven J. Sobol (May 04)
    - Re: anybody else been spammed by "no-ip.com" yet? Bruce Campbell (May 05)
  - Re: anybody else been spammed by "no-ip.com" yet? Steven J. Sobol (May 04)
- RE: anybody else been spammed by "no-ip.com" yet? Ron Snyder (May 04)

(Thread continues...)