Providers removing blocks on port 135?

• Previous message (by thread): Providers removing blocks on port 135?
• Next message (by thread): Providers removing blocks on port 135?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 20 Sep 2003, Margie wrote:

> My guess is that you haven't heard of the current issue with various
> servers running SMTP AUTH. These MTAs are secure by normal
> mechanisms, but are being made to relay spam anyway.

Would this be a reference to the qmail-smtp-auth patch that recently was
discovered, that if misconfigured, could allow incorrect relays? If so, I
would say that this was an isolated incident for a single patch for a
specific MTA and only when it was misconfigured. I'm not sure I would
describe that as "secure by normal mechanisms" nor quite the epidemic it
was the first week or two.

I'm not necessarily making a statement one way or the other on port 25
filtering, but SMTP Auth, when properly configured and protected against
brute force attacks is certainly a useful thing. YMMV of course.

andy
--
PGP Key Available at http://www.tigerteam.net/andy/pgp

• Previous message (by thread): Providers removing blocks on port 135?
• Next message (by thread): Providers removing blocks on port 135?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]