nanog mailing list archives

Re: Outgoing SMTP Servers

From: Blake Hudson <blake () ispn net>
Date: Tue, 25 Oct 2011 21:35:20 -0500



J wrote the following on 10/25/2011 9:25 PM:

Blake Hudson wrote:

If
587 becomes popular, spammers will move on and the same ISPs that
blocked 25 will follow suit.

I don't see this happening as easily.  Authenticated means an easier
shutdown of an account, rather than some form of port block/etc.

An infected machine can just as easily send out mail on port 587 as itcan using port 25. It's not hard for bot net hearders to come up with alist of valid credentials stolen from email clients, via key loggers, orsimply guessed through probability. I see it every day.

I will shutdown a compromised account on my end, but that doesn't stopATT's infected subscriber from spamming 100 other servers using 100other stolen credentials. I may also send an abuse report to ATT if theyhave an infected machine trying to perform a dictionary attack or bruteforce logins against my port 587 SMTP server. ATT's going to deal withthe abuse reports as cheaply as possible. If they receive enough, I haveno doubt they'll repeat past mistakes.

Current thread:

Re: Outgoing SMTP Servers, (continued)
- - - Re: Outgoing SMTP Servers Brian Johnson (Oct 28)
    - Re: Outgoing SMTP Servers William Herrin (Oct 28)
    - Re: Outgoing SMTP Servers Mike Jones (Oct 28)
    - Re: Outgoing SMTP Servers Brian Johnson (Oct 28)
    - RE: Outgoing SMTP Servers McCall, Gabriel (Oct 28)
    - Re: Outgoing SMTP Servers Jay Ashworth (Oct 30)
- RE: Outgoing SMTP Servers Tim (Oct 25)
  - Re: Outgoing SMTP Servers Leigh Porter (Oct 26)
- Re: Outgoing SMTP Servers Blake Hudson (Oct 25)
  - Re: Outgoing SMTP Servers J (Oct 25)
    - Re: Outgoing SMTP Servers Blake Hudson (Oct 25)
    - Re: Outgoing SMTP Servers Graham Beneke (Oct 25)
  - Re: Outgoing SMTP Servers Robert Drake (Oct 25)
- Re: Outgoing SMTP Servers Ray Soucy (Oct 26)
- Re: Outgoing SMTP Servers Brian Dickson (Oct 25)