North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Time to check the rate limits on your mail servers

  • From: Jason Frisvold
  • Date: Thu Feb 03 14:05:04 2005
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta;; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=VHnjuetBcpUmc/GQuhuRT9v+k3rlcbIP7/nWk3zgTmZaxTWiWhpXdHkpA/PajB1qhiskzw95pLpjQdyD4Bo8LReXTDHgR6RPNMsZjEo7N1qz/vqFacFyH2m7vDhnK3lX0GZzPSEdi/fKv/LofuAtBpEzJ2DPbZ+xIm5goN4M7Fo=

On Thu, 03 Feb 2005 12:26:55 -0500, [email protected]
<[email protected]> wrote:
> On Thu, 03 Feb 2005 12:16:41 EST, Jason Frisvold said:
> > Agreed.  And depending on your service, there are different ports
> > worth blocking.  For residential users, I can't see a reason to not
> > block something like Netbios.  And blocking port 25 effectively
> > prevents zombies from spamming.  Unfortunately, it also blocks
> > legitimate users from being able to use SMTP AUTH on a remote server..
> There's a *reason* why RFC2476 specifies port 587....

I assume you're referring to the ability to block port 25 if 587 is
used for submission.  This is great in theory, but if this were the
case, then the Trojan authors would merely alter their Trojan to use
port 587.  Unfortunately, I don't think there's an easy answer to the
spam problem.  Sure, we can educate and block.  But at the end of the
day, the spammers will just find another way to worm those messages
into the network.  Some of these guys are making boatloads of money,
and I hardly think they're willing to throw in the towel if they hit a
bump in the road...  On the flipside, those of us working as admins
and trying to stop the flow of spam are making next to nothing..


Jason 'XenoPhage' Frisvold
[email protected]