On Sun, Oct 21, 2007, Nathan Ward wrote:
Blocking 25/TCP is acceptable, blocking 587/TCP is not - it is designed for mail submission to an MSA, so serves little use for spam, save when a spammer has detected an open mail relay listening on 587/TCP, or someone has (mis)configured port 587 to allow submission to locally hosted domains from remote hosts without authentication. I'd be /very/ surprised if the networks in question received sufficient complaints from (clueless) mail admins, who were being spammed via one of these techniques.
Or people's machines are now being infected by malware which checks for login credentials or uses the existing mail client via various inter-process communication techniques; re-using said login credentials to talk to authenticated SMTP servers. Gotta get a clue; it's not enough to just authenticate who sent the email anymore..

Adrian
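An added example, not part of the original thread: one way a submission-server operator could spot authenticated accounts whose credentials are being abused, by correlating SASL logins with per-message recipient counts. It assumes Postfix-style log lines; the sample lines, the `flag_accounts` name and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed Postfix-style log lines (illustrative; not from the thread).
def _msg(qid, ip, user, nrcpt):
    return (f"Oct 21 10:00:00 mx postfix/submission/smtpd[411]: {qid}: "
            f"client=host.example.net[{ip}], sasl_method=PLAIN, sasl_username={user}\n"
            f"Oct 21 10:00:01 mx postfix/qmgr[90]: {qid}: "
            f"from=<{user}>, size=2100, nrcpt={nrcpt} (queue active)\n")

SAMPLE_LOG = "".join([
    _msg("A1", "192.0.2.10", "alice@example.org", 2),     # normal user
    _msg("B1", "192.0.2.20", "bob@example.org", 40),      # infected PC, own IP
    _msg("B2", "192.0.2.20", "bob@example.org", 40),
    _msg("C1", "198.51.100.1", "carol@example.org", 1),   # stolen login reused
    _msg("C2", "203.0.113.5", "carol@example.org", 1),    # from several networks
    _msg("C3", "192.0.2.77", "carol@example.org", 1),
])

AUTH_RE = re.compile(
    r"smtpd\[\d+\]: (\w+): client=\S+\[([0-9a-fA-F.:]+)\], .*sasl_username=(\S+)")
QMGR_RE = re.compile(r"qmgr\[\d+\]: (\w+): from=<[^>]*>, size=\d+, nrcpt=(\d+)")

def flag_accounts(log_text, max_rcpts=50, max_ips=2):
    """Return {sasl_username: [reasons]} for accounts over either threshold."""
    owner = {}                 # queue id -> authenticated user
    rcpts = defaultdict(int)   # user -> total recipients in this log window
    ips = defaultdict(set)     # user -> distinct client IPs seen
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            qid, ip, user = m.groups()
            owner[qid] = user
            ips[user].add(ip)
            continue
        m = QMGR_RE.search(line)
        if m:
            # pop() so a requeued message is only counted once
            user = owner.pop(m.group(1), None)
            if user:
                rcpts[user] += int(m.group(2))
    flagged = {}
    for user in ips:
        reasons = []
        if rcpts[user] > max_rcpts:
            reasons.append(f"recipients={rcpts[user]}")
        if len(ips[user]) > max_ips:
            reasons.append(f"source_ips={len(ips[user])}")
        if reasons:
            flagged[user] = reasons
    return flagged
```

The volume check is the one that matters when the malware drives the victim's own mail client, since the source address then looks entirely normal.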