On Oct 23, 2007, at 1:48 PM, Christopher Morrow wrote:
On 10/23/07, Jack Bates <jbates@brightok.net> wrote:
I really don't get it. While I understand with tcp/25 blocking, there is absolutely no reason to block tcp/587. If credential's are being hijacked, it is
morrowc$ telnet mail.ops-netman.net 26 Trying 71.246.230.124... Connected to mail.ops-netman.net. Escape character is '^]'. 220 A host is a host from coast to coast... Hosty-host ESMTP...
why don't people just run a new version of their MTA on a port not-filtered?? The simple fact is that port-25 filtering does help, it does also seem to piss off some portion of 'smart folks' (power users, whatever you choose to call them). So, being smart, just work your box(es) such that this isn't a problem for you?
I want to make it clear... I don't mind people filtering either 25 or 587, but, blocking both is highly unacceptable. Even more unacceptable in my opinion is hijacking connections to either off to your own man-in-the-middle attack server. Owen