[email protected] wrote:
From: W B Hacker
The checks in rcpt - for spamming from trojaned windozes in LAN and
using passwords stolen with trojans.

IF 'in LAN' really does mean 'Local...' and taking as a given that
protecting WinDoze from infection is not possible and never will be,
- could you instead operate internally on ONLY a non-standard submission
port and protocol such that 'house configured' MTA would work, but bots
assuming 25, 465, 587 and their respective protocols would not even FIND
the 'real' submission port?

Bots needn't assume. In order to send via a relay, a bot needs
to know the relay's hostname. How can the bot know the hostname?
By looking into Outlook Express (or Outlook, or Microsoft Internet Mail)
settings. There is the port number there too.
Along with login and password if they are required.

I'll take the WinWoes vulnerability as a given.

So I don't see a difference at which port Exim accepts submissions.

SOME difference. Not all bots are created equal.
Historically, far more operated a port-25-seeking smtp engine of their
own than were able to find credentials and emulate an MUA.
I'll also take as a given that that has shifted.
Fortunately, we have no need to support 'permanent' WinClients here -
but the code you posted may still be of interest in an acl_not_smtp acl
applied to webmail if/as/when folks are on a temporary machine.

I have set up my Exim to listen on two ports (25 and another)
only because my old ISP blocked port 25.

As they should do.
Smart folks, and they'll probably not be among the 18 Ukrainian .tld I
hard block who DON'T try to curb the worst of their WinBots.
No Geo-IP blocks here, though. (hint, hint)

Even for Chinese CIDR /8 ranges, I don't firewall-block ALL of their
carriers.. most are government and university ones that are such chronic
serial abusers I begrudge the wasted b/w and log bytes.

I may be a hard-a**, but I am a SELECTIVE hard-a**
;-)

Bill
--
韓家標