Outgoing SMTP Servers
graham at apolix.co.za
Wed Oct 26 04:29:04 UTC 2011
On 26/10/2011 04:35, Blake Hudson wrote:
> An infected machine can just as easily send out mail on port 587 as it
> can using port 25. It's not hard for bot net hearders to come up with a
> list of valid credentials stolen from email clients, via key loggers, or
> simply guessed through probability. I see it every day.
The difference is that it is the relay that accepts the spam on 587 that
ends up on the blacklists. A mail server with a sysadmin that might care
and probably sees business impact in not fixing the problem. As apposed
to an end user that doesn't give a hoot.
Compromised mail authentication details are quick and easy to take down.
A server mis-configured as an open relay on 587 is a one time fix.
End users infected with nasties are a support desk blackhole. Hours of
time explaining to moms and pops how to download anti-virus and install
it and configure it and run it...
More information about the NANOG