On Fri, May 10, 2002 at 11:27:10AM +1000, Terence Giufre-Sweetser wrote:
Now there's a good idea, and it works, I have several sites running a "port 25" trap to stop smtp abuse.
To stop port 25 abuse at some schools, the firewall grabs all outgoing port 25 connections from !"the mail server", and to !"the mail server", and runs then via "the mail server", which stops header forging, mass rcpt to: abuse, and vrfy/expn probing. Anything that goes past the filters has a nice clear and traceable received by: line.
I'm not sure what's so swell with this. I require SMTP AUTH over SSL with STARTTLS (exclusively), and this nice little hijack scheme makes for great support calls. They steal the SMTP connection, and then are enable to provide the SSL connection and our server certificate (obviously), so the connection fails. Yes, the "solution" is to pick a different non standard port, which comes with its own set of problems (not counting mail clients that are unable to use a different port), but I'd much rather that they do not hijack my client connections (blocking open relays and DUL IPs works just fine if you choose/need to do that) Marc -- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key