True or False: The bottom line is, once a machine can connect, to either port
25 or port 587, AND can AUTHENTICATE, then "game over". But if you have a
properly secured mail server, with SMTP AUTH/Relay for Addresses, and the SPAM
zombie CANNOT authenticate, then you are still "safe", or at least "configured
the best you can be". ???

(We don't use Declude. We are moving to open source email/spam/virus
alternatives. We have a tough road ahead it seems, no matter WHAT we're
running...)

The RFC is AUTH-only, but not in practice until IMail supports it. For the
meantime, however, I would agree that for the most part, there won't be
problems.

If you take a gander at the spam article posted today, there is in fact
spamware that uses SMTP AUTH to send through legitimate mail servers, and one
of your clients may well be the victim of this. I expect the incidence of this
to grow over time, and while this first affected Earthlink, I have noted it
spreading to other properties. This might eventually become a problem, though
native port 587 support will hopefully be offered by then.

For those that run Declude Hijack, this configuration would present problems,
and you would have to provide an exception for all port 587 users as a group.

Declude Virus will also report back the IP corresponding to viruses detected,
and this information is used to generate a blacklist used by Declude's
customers. You wouldn't want your data gathered under this configuration.

If you use Declude, you could in fact construct a simple filter that would
blacklist anything that didn't AUTH and came from the IP that you are doing
redirection for. That would at least close the hole of allowing spammers to
bypass your untrusted port and have their IP masked by the port redirection if
in fact they did try.

Maybe others have thoughts about or experienced additional issues. I am
curious as to how well this can stand up to heavy traffic, though that won't
likely happen for the time being if restricted to just port 587. It worries
me, however, that pm.exe has such an obvious bug that you have to give the
port an extra digit. I would suggest looking at RelayTCP as an alternative if
this bothers you.

Matt

Marc Funaro wrote:
The email looks like it's coming from the server itself, but since 587 is
SMTP AUTH only, we have control over who's sending using that port
completely and I don't think it matters much as far as SPAM blocking is
concerned. The whole setup is to provide outgoing mail services for our
clients that are unable to connect on port 25, and none of our clients are
spammers.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Matt
> Sent: Wednesday, February 02, 2005 8:58 PM
> To: [email protected]
> Subject: Re: [IMail Forum] port-map running as a service
>
>
> Someone posted about this just last week and referenced the archives,
> though he didn't provide a complete link to the thread in question:
>
>
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg95382.html
>
> I did find this post indicating that RelayTCP was one such program and
> he indicated how to use the "at" command for stop/start
>
>
> http://www.mail-archive.com/[email protected]/msg41770.html
>
> RelayTCP can be downloaded from the following site:
>
> http://www.dlcsistemas.com/html/relay_tcp.html
>
> I suppose that the issue with this is that the E-mail will look like it
> is coming from the IP that is being used to relay, and this might cause
> the true source IP to be lost, and that is very important for spam
> blocking. I would be curious to know if this is in fact the case.
>
> Matt
>
>
>
>
> Marc Funaro wrote:
>
> >Kinda off-topic.
> >
> >I am using port-map to map port 587 to port 25 on my iMail box (Windows
> >2003).
> >
> >First I discovered that I actually had to run the app using the following
> >command line:
> >
> >pm.exe 5587 69.59.165.93 25 w
> >
> >(note the 5587, instead of just 587). It seems that the app ignores the
> >first character of the source port to be remapped... hmmph. Anyway...
> >
> >I have put the command line into a batch file, remap_port_587.bat. I'd like
> >to be able to run that batch file 'as a service' so to speak, so that
> >whenever the system is restarted, I don't have to log in and manually re-run
> >the command line.
> >
> >Any ideas how I might do that, or if I even need the batch file at all... is
> >there another way?
> >
> >Lastly, since I removed this machine's own IP addresses from the "relay for
> >addresses" list, it is not a mail relay on port 587. Are there any
> >ramifications of this I should know about?
> >
> >If this works, we'll have solidly solved the problem for users that are
> >behind ISP filters blocking port 25... and we'll all be very happy!
> >
> >Thanks in advance,
> >
> >Marc
> >
> >
> >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
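
The check suggested in the reply above (flag mail that comes from the port-redirection IP without having authenticated), as an added example that is not part of the original thread and is not Declude filter syntax. The transcript format, function names and sample sessions are assumptions constructed for illustration; 69.59.165.93 is the address from the quoted pm.exe command line.

```python
REDIRECT_IP = "69.59.165.93"  # redirector address, from the pm.exe line in the thread

# Constructed transcripts (not IMail log output): (peer IP, lines); C: client, S: server.
SESSIONS = [
    ("69.59.165.93", ["C: EHLO laptop.example", "C: AUTH LOGIN", "S: 334 challenge",
                      "C: <credentials>", "S: 334 challenge", "C: <credentials>",
                      "S: 235 Authentication successful",
                      "C: MAIL FROM:<user@example.com>"]),
    ("69.59.165.93", ["C: HELO host.example", "C: MAIL FROM:<a@example.net>"]),
    ("69.59.165.93", ["C: EHLO host.example", "C: AUTH PLAIN <credentials>",
                      "S: 535 Authentication failed", "C: MAIL FROM:<b@example.net>"]),
    ("192.0.2.10",   ["C: EHLO mx.example.org", "C: MAIL FROM:<c@example.org>"]),
    ("69.59.165.93", ["C: EHLO probe.example", "C: QUIT"]),
]

def authenticated_before_mail(lines):
    """True/False: was AUTH answered with 235 before the first MAIL FROM?
    None if the session never sent MAIL FROM."""
    auth_pending = False   # an AUTH exchange is in progress
    authed = False
    for line in lines:
        side, _, text = line.partition(": ")
        if side == "C":
            if auth_pending:
                continue                      # credential continuation line
            if text.split(" ", 1)[0].upper() == "AUTH":
                auth_pending = True
            elif text.upper().startswith("MAIL FROM:"):
                return authed
        elif side == "S" and auth_pending:
            code = text[:3]
            if code == "235":                 # authentication succeeded
                authed, auth_pending = True, False
            elif code != "334":               # anything but a challenge ends AUTH
                auth_pending = False
    return None

def flag_unauthenticated(sessions, redirect_ip=REDIRECT_IP):
    """Indexes of sessions from the redirector that sent mail without AUTH."""
    return [i for i, (peer, lines) in enumerate(sessions)
            if peer == redirect_ip and authenticated_before_mail(lines) is False]

if __name__ == "__main__":
    print(flag_unauthenticated(SESSIONS))
```

With real logs the parsing step changes, but the decision stays the same: the peer is the redirector and no successful AUTH preceded MAIL FROM.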