[145902] in North American Network Operators' Group


Re: Outgoing SMTP Servers

daemon@ATHENA.MIT.EDU (Graham Beneke)
Wed Oct 26 00:30:08 2011

Date: Wed, 26 Oct 2011 06:29:04 +0200
From: Graham Beneke <graham@apolix.co.za>
To: nanog@nanog.org
In-Reply-To: <4EA771E8.5030303@ispn.net>
X-Report-Abuse-To: abuse@apolix.co.za
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 26/10/2011 04:35, Blake Hudson wrote:
> An infected machine can just as easily send out mail on port 587 as it
> can using port 25. It's not hard for bot net herders to come up with a
> list of valid credentials stolen from email clients, via key loggers, or
> simply guessed through probability. I see it every day.

The difference is that it is the relay that accepts the spam on 587 that
ends up on the blacklists. A mail server with a sysadmin that might care
and probably sees business impact in not fixing the problem. As opposed
to an end user that doesn't give a hoot.

Compromised mail authentication details are quick and easy to take down.
A server mis-configured as an open relay on 587 is a one-time fix.

End users infected with nasties are a support desk blackhole. Hours of
time explaining to moms and pops how to download anti-virus and install
it and configure it and run it...

-- 
Graham Beneke

