[47743] in North American Network Operators' Group
Re: anybody else been spammed by "no-ip.com" yet?
daemon@ATHENA.MIT.EDU (Marc MERLIN)
Sat May 11 22:11:52 2002
Date: Sat, 11 May 2002 15:23:28 -0700
From: Marc MERLIN <marc_news@valinux.com>
To: Terence Giufre-Sweetser <terry@tdce.com.au>
Cc: measl@mfn.org, "Forrest W. Christian" <forrestc@imach.com>,
"Eric A. Hall" <ehall@ehsco.com>, nanog@nanog.org
Message-ID: <20020511222328.GD1311@merlins.org>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.10.10205101108300.15898-100000@camelot.tdce.com.au>
Content-Type: text/plain; charset=us-ascii
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, May 10, 2002 at 11:27:10AM +1000, Terence Giufre-Sweetser wrote:
> Now there's a good idea, and it works, I have several sites running a
> "port 25" trap to stop smtp abuse.
>
> To stop port 25 abuse at some schools, the firewall grabs all outgoing
> port 25 connections from !"the mail server", and to !"the mail server",
> and runs then via "the mail server", which stops header forging, mass rcpt
> to: abuse, and vrfy/expn probing. Anything that goes past the filters has
> a nice clear and traceable received by: line.
I'm not sure what's so swell with this.
I require SMTP AUTH over SSL with STARTTLS (exclusively), and this nice
little hijack scheme makes for great support calls.
They steal the SMTP connection, and then are enable to provide the SSL
connection and our server certificate (obviously), so the connection fails.
Yes, the "solution" is to pick a different non standard port, which comes
with its own set of problems (not counting mail clients that are unable to
use a different port), but I'd much rather that they do not hijack my client
connections (blocking open relays and DUL IPs works just fine if you
choose/need to do that)
Marc
--
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key
