anybody else been spammed by "no-ip.com" yet?
Marc MERLIN
marc_news at valinux.com
Sat May 11 22:23:28 UTC 2002
On Fri, May 10, 2002 at 11:27:10AM +1000, Terence Giufre-Sweetser wrote:
> Now there's a good idea, and it works, I have several sites running a
> "port 25" trap to stop smtp abuse.
>
> To stop port 25 abuse at some schools, the firewall grabs all outgoing
> port 25 connections from !"the mail server", and to !"the mail server",
> and runs then via "the mail server", which stops header forging, mass rcpt
> to: abuse, and vrfy/expn probing. Anything that goes past the filters has
> a nice clear and traceable received by: line.
I'm not sure what's so swell with this.
I require SMTP AUTH over SSL with STARTTLS (exclusively), and this nice
little hijack scheme makes for great support calls.
They steal the SMTP connection, and then are enable to provide the SSL
connection and our server certificate (obviously), so the connection fails.
Yes, the "solution" is to pick a different non standard port, which comes
with its own set of problems (not counting mail clients that are unable to
use a different port), but I'd much rather that they do not hijack my client
connections (blocking open relays and DUL IPs works just fine if you
choose/need to do that)
Marc
--
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f at merlins.org for PGP key
More information about the NANOG
mailing list