On 7/19/2010 8:43 AM, Brian Godette wrote:
On 7/15/2010 6:55 PM, Alexandre Chapellon wrote:
Hi all,

A few months ago I asked this list if using SA on outgoing SMTP was a
good idea (thread: SA on outgoing SMTP).
This thread quickly moved to "Block direct port 25 for non-MTA users!"
I was really afraid of doing so and didn't really want to go this way.
Now, about 6 months later, I have to say: I was a fool!
Today, after spending some time trying to find a more user-friendly way to
clean up the mess around here, I came to the conclusion that port 25
blocking at the boundary of my network was inevitable.
Today it's done, and I have followed a few other pieces of advice given on the list.
I wanted to testify to the benefits of a well-designed network for those
who, like me, are afraid of annoying customers with security (and anyway,
blocking port 25 at the limits of the network is not really annoying
for most customers).

Thanks to Ted Mittelstaedt, Matus UHLAR and Martin Gregorie; with your
help, dudes, all I have to care about now is my mail server configuration!

--
Alexandre Chapellon <alexandre.chapel...@mana.pf>
Mana SAS


I hope you realize you still need to deal with the issues of users with
weak/guessable passwords and phishing of account info, as well as the
newer bots that recover account info from Outlook/Outlook
Express/Thunderbird.

Blocking outbound 25 from the rest of your network, and disallowing
submission to your MX on 25 from your network, does very little for
keeping your own MX from sending spam, which is what SA on outgoing SMTP
would be for. It's great from a policy standpoint and contains the
"simple" bots, but for keeping your outbound from the MX clean, not so much.


That absolutely isn't true. Yes, I agree that it's possible for a spammer to write a virus that uses the submission port and authenticated SMTP to send mail and runs on a user's PC. But if you're running even a simple log analysis script on your mail server and you READ the daily reports from it, then a user that sends many tens to hundreds of thousands of e-mails will stick out like a sore thumb.

We have NEVER had a spammer do this to one of our users.  I don't know
why, because it seems to me like it's an obvious way to relay spam.  What
we HAVE had happen is spammers guessing weak passwords and relaying spam through the webmail interface. My guess is that it's just a lot
easier for them to do this.  Of course, when they do that, their outgoing
spam is stamped with the username that was used to relay, and it's very easy to detect and change the password.

So far, all the spam viruses we have encountered on user systems are
of the variety where they infect the client and attempt to relay to
port 25.

Ted
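Ted's point above is that a per-account volume report makes a compromised submission account obvious. As an added example, not code from this thread or from the SpamAssassin project, here is a small Python script that reads Postfix smtpd lines carrying a sasl_username field and flags accounts whose daily count exceeds a hard cap or dwarfs the median user. The log format, field names, thresholds and sample data are assumptions (the log lines are constructed), and the count of distinct client addresses per flagged account goes slightly beyond what the message describes.

```python
import re
from collections import defaultdict

# Assumed Postfix smtpd line recording an authenticated submission, e.g.
#   ... postfix/smtpd[2112]: 0000000001: client=unknown[192.0.2.10],
#       sasl_method=PLAIN, sasl_username=alice@example.com
# The sasl_username field is what ties an outbound message to an account.
SASL_LINE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"client=(?P<host>\S+?)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=\S+, sasl_username=(?P<user>\S+)"
)


def summarize_submissions(lines):
    """Return {user: {"messages": n, "clients": set_of_ips}} from log lines.

    Each queue id is counted once, so a duplicated log line does not inflate
    an account's count.
    """
    seen_qids = set()
    stats = defaultdict(lambda: {"messages": 0, "clients": set()})
    for line in lines:
        m = SASL_LINE.search(line)
        if not m:
            continue  # qmgr/cleanup/etc. lines carry no submission identity
        qid = m.group("qid")
        if qid in seen_qids:
            continue
        seen_qids.add(qid)
        user = m.group("user").lower()
        stats[user]["messages"] += 1
        stats[user]["clients"].add(m.group("ip"))
    return stats


def flag_outliers(stats, absolute_limit=500, ratio_to_median=20):
    """Flag accounts whose daily volume passes a hard cap or dwarfs the typical user.

    Returns a list of (user, message_count, distinct_client_ips), busiest first.
    Thresholds are illustrative; tune them to your own user base.
    """
    counts = sorted(s["messages"] for s in stats.values())
    if not counts:
        return []
    median = counts[len(counts) // 2]
    flagged = []
    for user, s in stats.items():
        n = s["messages"]
        if n >= absolute_limit or n >= ratio_to_median * max(median, 1):
            flagged.append((user, n, len(s["clients"])))
    return sorted(flagged, key=lambda t: t[1], reverse=True)


def build_sample_log():
    """Constructed sample: three ordinary users and one account sending in bulk
    from many client addresses, the pattern a daily report should surface."""
    lines = []
    qid = 0

    def submit(user, ip):
        nonlocal qid
        qid += 1
        lines.append(
            f"Jul 19 08:43:01 mx1 postfix/smtpd[2112]: {qid:010X}: "
            f"client=unknown[{ip}], sasl_method=PLAIN, sasl_username={user}"
        )

    for _ in range(3):
        submit("alice@example.com", "192.0.2.10")
    for _ in range(4):
        submit("bob@example.com", "192.0.2.11")
    for _ in range(3):
        submit("carol@example.com", "192.0.2.12")
    for i in range(12000):
        submit("mallory@example.com", f"198.51.100.{i % 50 + 1}")
    # Noise the parser must ignore, plus a duplicated line that must not double-count.
    lines.append("Jul 19 08:43:02 mx1 postfix/qmgr[2100]: 0000000001: "
                 "from=<alice@example.com>, size=1024")
    lines.append(lines[0])
    return lines


def daily_report(lines):
    """Render the flagged accounts as the short text a daily cron mail would carry."""
    flagged = flag_outliers(summarize_submissions(lines))
    if not flagged:
        return "no accounts over threshold"
    return "\n".join(f"{user}: {n} messages from {ips} client address(es)"
                     for user, n, ips in flagged)


if __name__ == "__main__":
    print(daily_report(build_sample_log()))
```

In practice the script would read the previous day's mail log instead of the constructed sample, and the report would be mailed to whoever actually reads it, since the detection only works if someone does.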
