[77733] in North American Network Operators' Group
Re: Time to check the rate limits on your mail servers
daemon@ATHENA.MIT.EDU (Jason Frisvold)
Thu Feb 3 14:04:01 2005
Date: Thu, 3 Feb 2005 14:02:51 -0500
From: Jason Frisvold <xenophage0@gmail.com>
Reply-To: Jason Frisvold <xenophage0@gmail.com>
To: "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu>
Cc: Gadi Evron <ge@linuxbox.org>,
=?ISO-8859-1?Q?J=F8rgen_Hovland?= <jorgen@hovland.cx>,
nanog@merit.edu
In-Reply-To: <200502031726.j13HQtxx023394@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 03 Feb 2005 12:26:55 -0500, Valdis.Kletnieks@vt.edu
<Valdis.Kletnieks@vt.edu> wrote:
> On Thu, 03 Feb 2005 12:16:41 EST, Jason Frisvold said:
>
> > Agreed. And depending on your service, there are different ports
> > worth blocking. For residential users, I can't see a reason to not
> > block something like Netbios. And blocking port 25 effectively
> > prevents zombies from spamming. Unfortunately, it also blocks
> > legitimate users from being able to use SMTP AUTH on a remote server..
>
> There's a *reason* why RFC2476 specifies port 587....
I assume you're referring to the ability to block port 25 if 587 is
used for submission. This is great in theory, but if this were the
case, then the Trojan authors would merely alter their Trojan to use
port 587. Unfortunately, I don't think there's an easy answer to the
spam problem. Sure, we can educate and block. But at the end of the
day, the spammers will just find another way to worm those messages
into the network. Some of these guys are making boatloads of money,
and I hardly think they're willing to throw in the towel if they hit a
bump in the road... On the flipside, those of us working as admins
and trying to stop the flow of spam are making next to nothing..
*sigh*
--
Jason 'XenoPhage' Frisvold
XenoPhage0@gmail.com
