Earl Hood wrote: > On January 22, 2010 at 16:26, Ken Hornstein wrote: > >> The port 25 block is pretty much standard for large ISPs today; it's >> to prevent spammers from using massive networks of compromised PCs to >> deliver spam. > > Changing ports is useless unless authentication is required. > If deterring spammers is the primary goal, then ISPs can just require > authentication for customers over the standard SMTP port. > > Changing to the submission port provides no benefit unless > authentication is required since spammers just tweek things to use > the submission port to send spam. > > However, even with authentication, if a system is zombied, probably > would not take much for authentication credentials to be stolen by > the malware and used for sending out spam.
Most people (such as myself) who run personal mail servers have it set up so port smtp port accepts mail for the domain, but will not forward, and submission port that will forward, but must be authenticated. If you're just listening on port 25 and 587 but do the same thing regardless, well, you're wrong. :-) Also, even if user X is compromised, and their account is being use to spam the crap out of machines, then at least there's a chokepoint. Either the admin is going to notice something unusual is up, and stop it, or they won't and they'll one day find out they're on a RBL somewhere, and *NO* mail is going out. Requiring authentication on port 25 is pointless. I say pointless because most do anyway, allowing you to authenticate on port 25 and relay through them. No authentication, no relay. Port 587 just sort of makes it easier to separate incoming (to your systems) from outgoing (from your systems; oddly thought of, since it's really "incoming intended to go out"). Further, you don't want the spambot army of death attacking port 25 trying to authenticate, and thus also blocking regular incoming mail. Granted, it would block incoming-intended-to-go-out mail. :-) Sean -- Sent from the 1st Circle _______________________________________________ Nmh-workers mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/nmh-workers
