[62671] in North American Network Operators' Group
Re: Providers removing blocks on port 135?
daemon@ATHENA.MIT.EDU (Andy Walden)
Sat Sep 20 18:47:01 2003
Date: Sat, 20 Sep 2003 18:36:56 -0500 (CDT)
From: Andy Walden <andy@tigerteam.net>
To: Margie <margie@mail-abuse.org>
Cc: nanog@nanog.org
In-Reply-To: <69020048.1064072324@[192.168.0.2]>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 20 Sep 2003, Margie wrote:
> My guess is that you haven't heard of the current issue with various
> servers running SMTP AUTH. These MTAs are secure by normal
> mechanisms, but are being made to relay spam anyway.
Would this be a reference to the qmail-smtp-auth patch that recently was
discovered, that if misconfigured, could allow incorrect relays? If so, I
would say that this was an isolated incident for a single patch for a
specific MTA and only when it was misconfigured. I'm not sure I would
describe that as "secure by normal mechanisms" nor quite the epidemic it
was the first week or two.
I'm not necessarily making a statement one way or the other on port 25
filtering, but SMTP Auth, when properly configured and protected against
brute force attacks is certainly a useful thing. YMMV of course.
andy
--
PGP Key Available at http://www.tigerteam.net/andy/pgp
