North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Providers removing blocks on port 135?
On Sat, 20 Sep 2003, Margie wrote: > My guess is that you haven't heard of the current issue with various > servers running SMTP AUTH. These MTAs are secure by normal > mechanisms, but are being made to relay spam anyway. Would this be a reference to the qmail-smtp-auth patch that recently was discovered, that if misconfigured, could allow incorrect relays? If so, I would say that this was an isolated incident for a single patch for a specific MTA and only when it was misconfigured. I'm not sure I would describe that as "secure by normal mechanisms" nor quite the epidemic it was the first week or two. I'm not necessarily making a statement one way or the other on port 25 filtering, but SMTP Auth, when properly configured and protected against brute force attacks is certainly a useful thing. YMMV of course. andy -- PGP Key Available at http://www.tigerteam.net/andy/pgp
|