[65570] in North American Network Operators' Group
Re[2]: SPAM from own customers
daemon@ATHENA.MIT.EDU (Richard Welty)
Tue Dec 2 14:56:25 2003
Date: Tue, 2 Dec 2003 14:53:25 -0500 (EST)
From: Richard Welty <rwelty@averillpark.net>
To: nanog@merit.edu
In-Reply-To: <01f901c3b90b$00f8f3c0$02005a0a@2mbit.com>
Reply-To: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 2 Dec 2003 14:32:16 -0500 Brian Bruns <bruns@2mbit.com> wrote:
> SMTP AUTH is becoming risky if its not carefully setup and monitored. I can
> name one big time spammer who has warmed up to cracking weak passwords on
> e-mail systems that do SMTP AUTH. Means you'd have to filter your outbound
> mail servers port 25 from anyone not inside your network or a trusted
> source.
not just weak passwords, but there are also obvious default, admin,
and guest accounts on some SMTP servers which are sitting there,
easily guessed, and they are indeed being taken advantage of.
richard
--
Richard Welty rwelty@averillpark.net
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
