jlewis@lewis.org wrote:
On Sun, 15 Feb 2004 Valdis.Kletnieks@vt.edu wrote:
<snip!>
If we block outbound port 25 SYN packets from origin addresses in the DHCP address blocks, we solve the problem for everybody.
EXACTLY correct!
No...you just speed up the migration (which has already begun) to spam proxies that use the local ISP's mail servers as smart hosts. Then you have to come up with a way to rate-limit customer outbound SMTP traffic.
I agree that proxies that use the local ISP's mail servers as smart hosts are a growing problem. However, it is a problem that is far more manageable than is our current situation.

First, if spam is forced through a centralized set of outgoing servers, and these servers do adequate logging, then a compromised system can be detected in a matter of minutes and blocked.

Next, requiring users to use SMTP AUTH to authenticate to the mail server, even when on the ISP's network, would throw another hurdle into the spammer's ability to access the ISP's mail server, and thus block the ability of spamware to route mail in this manner.

Ultimately, if all local networks, including ISP customers, would require that MUAs submit mail through MSAs (instead of through MTAs), and require that the MUAs use StartTLS to connect to the MSA, it would become very difficult for spammers to hijack an ISP's MTA. (Yes, this means that ISPs will have to run their own PKI, but I can easily see the day where this will be SOP.)

Bottom line... I believe that it is much easier to control spammer traffic routed through central mail servers, than it is to control spammers using thousands of hijacked systems that have their own SMTP engines dumping mail onto the net.

--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214
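
The detection step this reply relies on (central outgoing servers with adequate logging, so a compromised customer system is spotted within minutes), sketched as an added example that is not part of the original post. The log format, the 60-second window and the 100-recipient limit are assumptions chosen for illustration, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified, hypothetical log format:
# timestamp, customer IP, SMTP AUTH user, recipients in that message.
SAMPLE_LOG = """\
2004-02-15T10:00:00 client=192.0.2.10 user=alice rcpts=1
2004-02-15T10:00:05 client=192.0.2.77 user=bob rcpts=40
2004-02-15T10:00:09 client=192.0.2.77 user=bob rcpts=45
2004-02-15T10:00:20 client=192.0.2.10 user=alice rcpts=2
2004-02-15T10:00:31 client=192.0.2.77 user=bob rcpts=50
2004-02-15T10:03:00 client=192.0.2.10 user=alice rcpts=3
this line is malformed and must be skipped
"""

def parse_line(line):
    """Return (timestamp, client, user, rcpts), or None if unparseable."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
        return ts, fields["client"], fields["user"], int(fields["rcpts"])
    except (ValueError, KeyError):
        return None

def find_offenders(log_text, window=timedelta(seconds=60), max_rcpts=100):
    """Map each (client, user) over the limit to the time it was crossed."""
    recent = defaultdict(deque)   # key -> (timestamp, rcpts) still in window
    totals = defaultdict(int)     # key -> recipient total inside the window
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, user, rcpts = rec
        key = (client, user)
        recent[key].append((ts, rcpts))
        totals[key] += rcpts
        # Expire entries that have fallen out of the sliding window.
        while ts - recent[key][0][0] > window:
            totals[key] -= recent[key].popleft()[1]
        if totals[key] > max_rcpts and key not in flagged:
            flagged[key] = ts
    return flagged

if __name__ == "__main__":
    for (client, user), when in find_offenders(SAMPLE_LOG).items():
        print(f"block {client} (auth user {user}): limit crossed at {when}")
```

Keying on both the client address and the SMTP AUTH user means a hijacked account and a hijacked machine each show up, and the same running total can drive the outbound rate limit raised earlier in the thread.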