19 Feb
2007
19 Feb
'07
6:55 p.m.
If the provider on which one is guesting has a policy
to block
outbound access from their network to all ports used for sending of
mail, so that they can force one through their SMTP server for sake
of control, micromanagement, or whatever, then (assuming they know
about it), would they not then block official port 587 as well as
port 25? That was the position I heard the 'customer service rep'
take the last time I tried to solve such a problem through appeal to
bureaucratic sensibility.
What I'm going to say is not new, but I guess we have a lot of trouble
with SMTP because the same port is used as well for the communication
between 2 MTAs as for between a MUA and a MTA.
I don't know about any provider that doesn't require smtp auth on port
587.
ISPs should block outgoing connections to port 25 unless they know the
source is a SMTP MTA. I guess this would mitigate a lot of zombies as
it would force them to use the provider's smtp server (which does
outbound spam/virus filtering and ISPs can easily identify their own
customers). Alternatively the zombie would use a remote port 587 but it
would require authentication so again the identification of the "owned"
machine / user would be possible.
Jean-Pierre
--
HILOTEC Engineering + Consulting AG - Langnau im Emmental
Energietechnik und Datensysteme: Server, PCs, Linux, Telefonanlagen,
VOIP, Hosting, Datenbanken, Entwicklung, Komplettlösungen für KMUs
Tel: +41 34 402 74 00 - http://www.hilotec.com/