----- Original Message -----
Sent: Thursday, November 17, 2005 11:31 PM
Subject: RE: [Declude.JunkMail] OT: another SOBERing though
Serge, that's a misleading line of reasoning.

Here's the thing:

Auth on port 587 is the right best practice for ISPs (and some corporations) so that they can properly secure their MTA against misuse by 3rd parties, including worms on their client subnets.

It cuts off large swaths of current flaws: the ISP won't have any open relays, won't have whitelisted client subnets, thereby allowing the ISP to firewall outbound port 25 from their personal clients. Auth on 587 also allows the client to wander all over the Internet with their laptop and still send mail with their own mailfrom name from the expected ISP's MTA.

As you've surmised, this doesn't help if the bad guys have auth that they've stolen from one of your clients.

However, this becomes the same case as if the bad guy is one of your clients, and the answers are the same; the ISP needs traffic logging and alerts, e.g. the mail volume restrictions over time that were discussed earlier today.

Is that clearer?

Andrew 8)
not sure how using port 587 will solve this
can't the spammers/virus writers eventually use this port
why would that be a long term solution?
----- Original Message -----
Sent: Thursday, November 17, 2005 7:24 PM
Subject: Re: [Declude.JunkMail] OT: another SOBERing though
I think one of the issues here is that Hijack was designed to solve a problem that existed due to omission on the part of IMail, but being a separate app, it might not be the most optimal method, though for now it definitely is.

Most servers on the Internet have no policies in place to restrict the volume of E-mail through authenticated accounts. This is a gaping hole and it is now being exploited. The best way to effectively stop such things is to integrate that functionality into the servers themselves, and all servers need such settings defaulted to being enabled in order to protect the Internet from the garbage that hacked accounts can spew.

Clearly people aren't taking this seriously enough, including the often exploited likes of HotMail/Microsoft and Yahoo. I figure that eventually everyone will begin to take this seriously, but only after things have become much worse. Keep in mind that most of us were operating as open relays up until about 2000, and most of us had no alternative. E-mail systems with their very loose or completely lacking policy enforcement in combination with being the most often attacked system on the Internet with the most financial gain should be a primary focus as far as security goes.

What really gets me is that in the last couple of years, there was a huge focus on SPF, Caller-ID and Domain Keys, but very little focus on propagating port 587/AUTH-only support on mail servers, and seemingly no focus in getting E-mail clients to auto-negotiate such settings. Now we are seeing another completely predictable situation in which spammers and virus writers are automating the hacking of E-mail accounts, and there are virtually no protections in place. IMO, it's a shame that the biggest players were pushing for what I consider to be almost valueless functionality while the big names behind them were also the ones that were being exploited the most and still are. These are also the same fools that paid off the Congress so that they 'can'-Spam.

Matt
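Both Andrew's point (traffic logging and alerts with mail volume restrictions over time, applied per account rather than per IP) and Matt's (per-account volume limits built into the submission server) come down to the same control: count what each authenticated user submits inside a sliding time window and stop or alert when a limit is exceeded. The following is an added example, not code from this thread, from Declude Hijack or from IMail. The log line format, the field names, the limits and the sample log are all constructed assumptions; the per-user override table is there because Serge asked for different limits for different users.

```python
"""Per-account outbound volume limits for SMTP AUTH submissions (added example).

Reads submission log lines, keeps a sliding window of messages and recipient
counts per authenticated user, and rejects/alerts once a user's limit is
exceeded. The log format below is an assumption, not IMail's real format.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log line format (assumption):
#   2005-11-17 23:31:02 AUTH user=alice@example.net ip=203.0.113.5 rcpts=3
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) AUTH user=(?P<user>\S+) "
    r"ip=(?P<ip>\S+) rcpts=(?P<rcpts>\d+)$"
)

# Default per-account policy: at most 20 messages or 50 recipients per hour.
DEFAULT_LIMITS = {"msgs": 20, "rcpts": 50, "window": timedelta(hours=1)}


def parse_line(line):
    """Return a submission event dict, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "user": m["user"],
        "ip": m["ip"],
        "rcpts": int(m["rcpts"]),
    }


class VolumeMonitor:
    """Sliding-window volume limiter keyed on the authenticated user, not the IP."""

    def __init__(self, default_limits=DEFAULT_LIMITS, per_user_limits=None):
        self.default = default_limits
        self.per_user = per_user_limits or {}   # user -> partial override dict
        self.windows = defaultdict(deque)        # user -> deque of (ts, rcpts)
        self.alerts = []

    def limits_for(self, user):
        return {**self.default, **self.per_user.get(user, {})}

    def record(self, event):
        """Account for one submission; return True if allowed, False if over limit."""
        user, lim = event["user"], self.limits_for(event["user"])
        q = self.windows[user]
        q.append((event["ts"], event["rcpts"]))
        cutoff = event["ts"] - lim["window"]
        while q and q[0][0] < cutoff:        # drop events older than the window
            q.popleft()
        msgs, rcpts = len(q), sum(r for _, r in q)
        if msgs > lim["msgs"] or rcpts > lim["rcpts"]:
            self.alerts.append({"user": user, "ip": event["ip"], "ts": event["ts"],
                                "msgs": msgs, "rcpts": rcpts})
            return False
        return True


def scan(lines, monitor=None):
    """Replay log lines in timestamp order; return (rejections per user, alerts)."""
    monitor = monitor or VolumeMonitor()
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    rejected = defaultdict(int)
    for e in events:
        if not monitor.record(e):
            rejected[e["user"]] += 1
    return dict(rejected), monitor.alerts


def build_sample_log():
    """Constructed sample log: a normal user, a hijacked account, a slow sender."""
    base = datetime(2005, 11, 17, 20, 0, 0)
    lines = [
        "2005-11-17 23:31:02 AUTH user=alice@example.net ip=203.0.113.5 rcpts=1",
        "2005-11-17 23:35:40 AUTH user=alice@example.net ip=203.0.113.5 rcpts=2",
    ]
    for i in range(25):   # bob: 25 messages, one per minute, 4 recipients each
        ts = (base + timedelta(minutes=i)).strftime("%Y-%m-%d %H:%M:%S")
        lines.append(f"{ts} AUTH user=bob@example.net ip=198.51.100.77 rcpts=4")
    for i in range(21):   # carol: 21 messages ten minutes apart, 1 recipient each
        ts = (base + timedelta(minutes=10 * i)).strftime("%Y-%m-%d %H:%M:%S")
        lines.append(f"{ts} AUTH user=carol@example.net ip=203.0.113.9 rcpts=1")
    lines.append("unrelated log line that does not parse")
    return lines


if __name__ == "__main__":
    rejected, alerts = scan(build_sample_log())
    print("rejected per user:", rejected)
    for a in alerts[:1]:
        print("first alert:", a)
```

With the constructed log, bob's account trips the recipient limit on its 13th message in one hour (52 recipients against a limit of 50) and every further message is rejected, while carol, whose 21 messages are spread over more than three hours, never holds more than seven messages in the sliding window and is never flagged. Passing `VolumeMonitor(per_user_limits={"bob@example.net": {"msgs": 500, "rcpts": 5000}})` to `scan` shows how a legitimate bulk sender would be exempted without loosening the default for everyone else. Because the alert carries the source IP, a hit on an account that normally submits from a different network is the "stolen auth" case Andrew describes.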
Serge wrote:
hijack will work, but it will be much better if it works based on the authenticated user instead of ip
also we need to be able to set different limits/categories for different users
declude, are you listening?
----- Original Message -----
Sent: Thursday, November 17, 2005 6:36 PM
Subject: RE: [Declude.JunkMail] OT: another SOBERing though
Wow!
It's like 1995 - 2005 had never been.
:-|
ok, I must say I never worked with Declude Hijack. Isn't this simply what we need now?
Markus
You can read about or get your own version of the password stealing app here:
Andrew 8)