On Mon, Nov 20, 2000 at 07:08:33AM +0100, Piotr Kasztelowicz wrote:
> It not difficult to spuppose, that if MTA were old and
> insecure=possible for open relay the rest of sotwares
> are insecure too.
There are many insecure hosts that are not on the ORBS list simply
because they are not running an open relay. There are many hosts
listed in ORBS that are otherwise secure but someone made an
oopsie. In particular, I believe many older but still prevalent Linux
distributions came with MTAs that were open relays by default but were
otherwise secure.
> There is problem with them, tha
> the list of "relay host's" is widely published on net,
> instead to send it interested admin.
Let's entertain your thoughts on security: if a host is truly
comprimised either by being an open relay or other vulnerability, why
should other hosts have to endure abuse from it? ORBS allows other
administrators to block out a certain subset of hosts.
And even without ORBS there are still plenty of ways for the local
script kiddie to find your system.
PGP signature
