On Tue, 13 Apr 2004, Michel Py wrote:
> > John Curran wrote:
> > If we can fix this by changing default behavior to make such machines less useful to hackers, while still allowing anyone who wants to originate to do so at will via configuration, what is the harm?
>
> Besides architectural purity (which still bears weight) the problem is that configuration costs money. I have my own SMTP server at home because I'm not happy with my ISP's smarthost.
> That same ISP can't reverse-lookup my static IP to return a PTR that has my domain name in it; explain to me how they will build a filter that un-filters port 25 for my IP and does not for the next one.

Not being happy with the ISP's smarthost is not justification to run your own; you should change ISPs. Assuming we implement this locked-down model, it will be necessary to treat all users as equals without privilege and charge a premium to allow them to use their own smarthost and to have rDNS. (I'm sure they can reconfigure your PTR but choose not to for policy reasons - same reasons)

Steve