North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Port 25 - Blacklash

  • From: Suresh Ramasubramanian
  • Date: Wed Apr 27 05:05:03 2005
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=dYEko2RSU4W3t+pLw6QRtNbsgJNYq3EC9d27x4FgHm2LmejPR34sIqDfaeqsqihQCbPfJUxQdyo/NbSvl/MRCn6LLBxeQboe22buM9TE9luGFY5pSa7H3EA1I/rsV9ylbNedANS6UTA71fTGE6jILN9eHH8M91HwhrcADSpiUXw=
On 4/27/05, Joel Jaeggli <[email protected]> wrote:
> > In any event the malware is already ahead of port 25 blocking and is
> > leveraging ISP smarthosting. SMTP-Auth is the pill to ease this pain/
> 
> Really smtp-auth will solve it? or do most windows mua's cache your
> password?

They sure do cache the password.

But with smtp auth, the infected user is stamped in the email headers,
and all over my MTA logs, when a bot that hijacks his PC starts
spamming.

I can easily remove auth privileges for his account, and/or limit his
access to a walled garden till such time as he cleans up - without
taking the trouble to match timestamps of the spam + dig into radius
logs

Easier to identify, and easier to lock down, than unauthenticated access

--srs