On Wed, Jan 12, 2005 at 12:41:44PM -0600, Adi Linden wrote:
> > 0) for the love of God, Montresor, just block port 25 outbound already.
>
> What is wrong with dedicating port 25 to server to server communication
> with some means of authentication (DNS?) to ensure that it is indeed a
> valid mail server.

Nothing at all. That's more or less what I proposed, though I'd prefer
to see something TODAY, like the easily implemented rDNS fix, rather
than wait any longer for SPF/DomainKeys/etc. to go through a zillion
rounds of argument. As it stands, I reject a rather large percentage
of the spam delivery attempts here using generic rDNS as a basis.
(Either in the rDNS of the connecting host itself or in the HELO; the
latter is responsible for ~75%-80% of the rejections, assumed to be
almost entirely zombie-originated).

> Mail clients should be using port 587 to submit messages to their
> local MTA.

Agreed.

--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us! http://hesketh.com/about/careers/account_manager.html join us!
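
Added example, not part of the original message and not the poster's actual filter: a sketch of the generic-rDNS check described above, applied to both the PTR name of the connecting host and the HELO argument. The keyword list, the function names and the sample connections are assumptions constructed for illustration, and only IPv4 is handled.

```python
import re

# Assumed keyword list: words ISPs commonly put in per-address hostnames.
GENERIC_WORDS = {"dsl", "adsl", "cable", "dhcp", "dyn", "dynamic",
                 "dialup", "ppp", "pool", "broadband"}

def is_generic(name, ip):
    """True if name looks like an ISP-assigned, per-address hostname."""
    if not name:
        return False  # a missing name is a separate policy question
    name = name.lower().rstrip(".")
    octets = [int(o) for o in ip.split(".")]
    runs = [int(d) for d in re.findall(r"\d+", name)]
    # The client's four octets embedded in the name, forward or reversed.
    for i in range(len(runs) - 3):
        if runs[i:i + 4] in (octets, octets[::-1]):
            return True
    # A whole alphabetic token that matches an access-network keyword.
    return bool(set(re.findall(r"[a-z]+", name)) & GENERIC_WORDS)

def smtp_decision(ip, ptr, helo):
    """Return (verdict, reason) for one inbound port 25 connection."""
    if is_generic(ptr, ip):
        return ("reject", "generic rDNS")
    if is_generic(helo, ip):
        return ("reject", "generic HELO")
    return ("accept", "")

# Constructed sample connections: (client IP, PTR name, HELO argument).
SAMPLES = [
    ("192.0.2.45", "192-0-2-45.dsl.example.net", "mail.example.org"),
    ("198.51.100.7", "mx1.example.com", "7.100.51.198.pool.example.net"),
    ("203.0.113.10", "mail.example.org", "mail.example.org"),
    ("203.0.113.99", "host99.example.com", "dhcp-99.example.com"),
]

if __name__ == "__main__":
    for ip, ptr, helo in SAMPLES:
        print(ip, ptr, helo, smtp_decision(ip, ptr, helo))
```

A check like this belongs only on the port 25 server-to-server listener; authenticated client submission on port 587 comes from exactly these address ranges and should not be subject to it.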