nanog mailing list archives

Re[2]: SPAM from own customers

From: Richard Welty <rwelty () averillpark net>
Date: Tue, 2 Dec 2003 14:53:25 -0500 (EST)


On Tue, 2 Dec 2003 14:32:16 -0500 Brian Bruns <bruns () 2mbit com> wrote:

SMTP AUTH is becoming risky if its not carefully setup and monitored.  I can
name one big time spammer who has warmed up to cracking weak passwords on
e-mail systems that do SMTP AUTH.  Means you'd have to filter your outbound
mail servers port 25 from anyone not inside your network or a trusted
source.


not just weak passwords, but there are also obvious default, admin,
and guest accounts on some SMTP servers which are sitting there,
easily guessed, and they are indeed being taken advantage of.

richard
-- 
Richard Welty                                         rwelty () averillpark net
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security

Current thread:

SPAM from own customers Michel Renfer (Dec 02)
- Re: SPAM from own customers Suresh Ramasubramanian (Dec 02)
  - Re: SPAM from own customers Brian Bruns (Dec 02)
    - Re[2]: SPAM from own customers Richard Welty (Dec 02)
  - Re: SPAM from own customers Adam Debus (Dec 02)
- Re: SPAM from own customers Chris Lewis (Dec 02)