On Fri, 25 Feb 2005, Christopher X. Candreva wrote: On Fri, 25 Feb 2005, just me wrote:
What are you, stupid? The spammers have drone armies of machines with completely compromised operating systems. What makes you think that their mail credentials will be hard to obtain?
What are you, stupid ? Run a virus scanner on your mail relay so you don't propogate any viruses. That certainly solves the problem in question, preventing compromised hosts from using their user's credentials to transmit AUTHed spam through their configured smarthost. No, wait, your comment is a total non sequitur. While AUTHed spam from zombies will be easier to detect and block, it is not the Magic Solution that many folks on this list are presenting it as. Most ISPs don't watch logs for the signs of abuse now, why would they magically change their behavior and monitor logs if they required auth? Just because there is more of an audit trail doesn't mean that it will be used. matt ghali --matt@snark.net------------------------------------------<darwin>< The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke