would have MTA turned on.)
These days I've been unable to find any justifiable need for an unprotected relay of any sort whatsoever. 99% of mailers should be the final delivery point (or at least the transfer point to some private network). The remaining few are ISPs who need to relay from their customers to the world, of course, but so long as they don't make the mistake of smarthosting for un-protected customer MTAs they can simply block relay by restricting it to their own netblocks. Even most MX Their customers != Their blocks, it's the problem. For example, the customers (mail customers) of ISP-1 can work through dialup or ISDN account of the ISP 2, etc. And it makes such access lists very long and relays relatively open (I know ISP whose relays are open for all russion netblocks, not for his own netblocks).
Don't try to do impossible - if you restrict relaying, you restrict access and service; totally free relay is wrong today; but totally restricted service is wrong too. In real life there is some balance between them.
targets are the final delivery point for the MXed domain. The real problem is that people are still installing mailers that do unprotected relaying by default.
5) Hosts listening to port 25.
[IMHO, Occams razor would have drawn blood already.]
Yup -- IMRSS isn't running any more.... It was a pretty interesting and revealing survey though. I hope someone can do it again too, without publishing the detailed results of course, just so we can measure our progress.
-- Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
Aleksei Roudnev, (+1 415) 585-3489 /San Francisco CA/