Jack Bates wrote:
James Hess wrote:
Preventing hosts from just SMTP'ing out just anywhere they like creates a new hurdle for any infection to get over to spread; now any malware suddenly needs to figure out a SMTP server to use, and a username and password to use with SMTP authentication, and any other restrictions imposed by the ISP outgoing MTA.
This sounds great, except it doesn't scale. My router says there is no noticeable difference between tcp/25 and tcp/445, or udp/134 or udp/1434 or tcp/1025, or tcp/80. It asked if we should just block all ports and force people through proxy servers. Why mitigate one vector when you can take them all out? What makes SMTP so special a vector?
Yes, my router speaks. Yours doesn't?
Jack
You said it does not scale but then went on to describe a completely differant issue. Agreed, SMTP is not really a special vector, other than it's ovbious commercial spam use. So just block all the usual virus vector ports, block 25 and force people to use your own SMTP servers and the problem 9this particular one goes away.. -- Leigh