On Tue, 27 Aug 2002 01:54:39 +0200 "Jeroen Massar" <jeroen@unfix.org> wrote:
SMTP is a protocol which is based on relaying messages from one mailserver to another. An endnode (especially workstations) don't need to run SMTP.
I'm not sure how to truly disable an SMTP server from running on an end host. You can block or force forward port 25, but that is just a number. Be prepared to start doing that for all ports, then protocols, then IP addresses, then protocols again. Furthermore, a forced relay, while perhaps helping to solve the immediate spam problem is most definitely interfering on other things with potentially harmful long term effects. Two of those are end-to-end transparency and the fixing of the real problem. You may not care about either of those, but I would argue they shouldn't be dismissed without very serious thought.
So what's so bad about forwarding all tcp/25 traffic over that relay and letting that relay decide if the MAIL FROM: is allowed to be relayed? And if a client wants to mail from another domain which isn't
There are some potential problems. Don't bother answering them, I'm sure they can be disputed, but I'm also sure there are plenty of other examples an SMTP expert could think of: What if there is a new SMTP specification that doesn't work through the forced relay? What about simply not trusting a relay to do the right thing or for fear of a forced relay adding/changing/snooping/delaying the traffic? What about when SMTP starts going over something other than TCP port 25?
The whole problem is yet again that a small amount of people (this time spammers) make a whole lot of problems for a lot of people (we).
Maybe some different thinking is called for. Here are some other suggestions, take them or leave them. They aren't perfect either (don't try and answer these either, I'm sure they can be disputed :-): Force forward by default, but allow anyone who wants to use TCP port 25 the ability to do so. They must sign an non-abuse agreement or whatever. Then they get their host/link put into the TCP port 25 open path. Do some rate-limiting by default. Perhaps coupled with the above? Start offering spam blocking and filtering services for end users. Get better at monitoring and incident response. This will pay dividends for lots of other areas as well. ...and finally to quote Randy, send code. :-) John