Transparent hijacking of SMTP submission...

Suresh Ramasubramanian ops.lists at gmail.com
Fri Nov 28 00:10:03 UTC 2014 

Yes. Till that hotspots IP space gets blackholed by a major freemail
because of all the nigerians and hijacked devices emitting bot traffic
through stolen auth credentials.

There's other ways to stop this but they take actual hard work and rather
more gear than a rusted up old asa you pull out of your closet as like as
not.
 On Nov 28, 2014 2:10 AM, "Mark Andrews" <marka at isc.org> wrote:

>
> Which is why your MTA should always be setup to require the use of
> STARTTLS.  Additionally the CERT presented should also match the
> name of the server.
>
> There is absolutely no reason for a ISP / hotspot to inspect
> submission traffic.  The "stopping spam" argument doesn't wash with
> submission.
>
> Mark
>
> In message <54778167.7080808 at bogus.com>, joel jaeggli writes:
> >
> > I don't see this in my home market, but I do see it in someone else's...
> > I kind of expect this for port 25 but...
> >
> > J at mb-aye:~$telnet 147.28.0.81 587
> > Trying 147.28.0.81...
> > Connected to nagasaki.bogus.com.
> > Escape character is '^]'.
> > 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
> > 19:17:44 GMT
> > ehlo bogus.com
> > 250-nagasaki.bogus.com Hello XXXXXXXXXXXXXXX.wa.comcast.net
> > [XXX.XXX.XXX.XXX], pleased to meet you
> > 250 ENHANCEDSTATUSCODES
> >
> > J at mb-aye:~$telnet 2001:418:1::81 587
> > Trying 2001:418:1::81...
> > Connected to nagasaki.bogus.com.
> > Escape character is '^]'.
> > 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
> > 19:18:33 GMT
> > ehlo bogus.com
> > 250-nagasaki.bogus.com Hello
> > [IPv6:2601:7:2380:XXXX:XXXX:XXXX:c1ae:7d73], pleased to meet you
> > 250-ENHANCEDSTATUSCODES
> > 250-PIPELINING
> > 250-8BITMIME
> > 250-SIZE
> > 250-DSN
> > 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
> > 250-STARTTLS
> > 250-DELIVERBY
> > 250 HELP
> >
> > that's essentially a downgrade attack on my ability to use encryption
> > which seems to be in pretty poor taste frankly.
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>

More information about the NANOG mailing list