On Tue, 13 Apr 2004, John Curran wrote:
Vixie writes:
since we're talking about laziness, let's look at two ways in which we (nanog "members" and others like us around the world) have been lazy, for decades, and have therefore helped to create the current miserable "abuse" situation.
The reality is that the vast majority of end-user customers connected to the Internet have one or two email servers, and there is no reason to allow client connections to port 25 for posting. If ISPs simply filtered port 25 by default except from specified servers, there wouldn't be a huge base of client systems to tap into for robo-farms for spamming.
Hi John,

I don't think this is a fair assessment of the SMTP 'abuse' problem.. it's a lot more complicated, blocking port 25 will not reduce the volume of spam at all.

Most of the spam I'm seeing comes directly from end user hosts that have either an open proxy on them or some kind of malware with its own SMTP engine designed to send out junk.. in this model the only port 25 traffic is that from the end host coming outwards, I believe your suggestion is to filter port 25 towards hosts.

Even blocking the outbound 25 traffic (e.g. pushing it via the ISP SMTP relay) will not stop the emails. It is possible to extend this and implement some sort of statistical sanity checking on the mail being relayed (e.g. alarm/deny mail once it exceeds X/minute/host) which is potentially a workable solution.. I'd be interested if there's any patches to the major MTAs to do something with this (we use exim) as it could be an interesting test.

Of course this model throws up new problems you need to address, such as roaming users not being able to smtp via their 'home' ISP via auth'd SMTP, making sure you don't filter ISP-ISP port 25 traffic, etc.

Steve
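The per-host check described in the message above (alarm/deny once a host exceeds X messages per minute), sketched as an added example; it is not part of the original post and not code from exim or any other MTA. The log format, the limit of 3 per 60 seconds, the sample addresses and all function names are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed relay log, one relay attempt per line:
# "<epoch seconds> <client IP>". Hypothetical format, documentation addresses.
SAMPLE_LOG = """\
1000 192.0.2.10
1000 198.51.100.7
1005 192.0.2.10
1010 192.0.2.10
1015 192.0.2.10
1020 192.0.2.10
1040 198.51.100.7
1062 192.0.2.10
1080 198.51.100.7
"""

def parse(log):
    """Yield (timestamp, host) tuples, skipping blank or malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].isdigit():
            yield int(parts[0]), parts[1]

def check_rates(events, limit, window=60):
    """Sliding-window limiter: allow at most `limit` relayed messages per host
    in any `window` seconds. Returns a list of (timestamp, host, action)."""
    recent = defaultdict(deque)   # host -> timestamps of messages it was allowed
    decisions = []
    for ts, host in events:
        sent = recent[host]
        while sent and sent[0] <= ts - window:   # expire entries outside the window
            sent.popleft()
        if len(sent) >= limit:
            decisions.append((ts, host, "deny"))  # refused mail is not counted
        else:
            sent.append(ts)
            decisions.append((ts, host, "accept"))
    return decisions

def denied_by_host(decisions):
    """Count denials per host, the figure an operator would alarm on."""
    counts = defaultdict(int)
    for _, host, action in decisions:
        if action == "deny":
            counts[host] += 1
    return dict(counts)

if __name__ == "__main__":
    for ts, host, action in check_rates(parse(SAMPLE_LOG), limit=3):
        print(ts, host, action)
```

Because refused messages are not added to the window, a throttled host can send again as soon as its oldest counted message ages out, while a host sending at a normal pace is never touched.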