> Whenever a client has no need for SMTP AUTH for their own clients,
> we do advise them to set up port blocking...
We've always seen relay attempts to _any_ machines that listen on port
25 and assume that such machines will see illegitimate traffic. There
should never be any reason to leave a mail server exposed at all if
you can hide it with an ACL--even if the relay attempts would be
rebuffed.
Recently, we have seen connections to non-MX hosts that have "mail" in
the name and to those without. Since port scanning huge IP ranges is a
trivial task and PTRs are <<de rigueur>> these days, I'd be inclined
to believe that both "Is mail.example.com a mail server?" and "What's
the PTR domain for that mail server I just found?" are being done. We
should expect both questions to be followed up on, likely, as you say,
by owned machines.
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
