Posted on 04/11/2005 10:12:57 AM PDT by ShadowAce
Umm, are you sure about that? Here is my connection to a mail server:
Proto Local Address Foreign Address State
TCP 10.3.8.86:2591 10.2.1.20:25 ESTABLISHED
Yep, that connection shows outbound on 2591 to a host that is listening on 25. The idea of the block is to disallow connections to servers listening on 25.
If the spam is being sent by bots, closing down 25 won't do anything because they don't send on that port.
Actually, it's simpler than that: just configure your server to route everything to the ISP's server, just as most mail clients do. The problem is that it would not take much time at all for the spammers to get around the block: all they need to do is get the spambot to route all the traffic through the ISP. The SMTP server address can be hacked from the registry. The net result is an exponential increase in the workload on the ISPs' servers with no significant reduction in spam volume.
This would quite quickly get your ID terminated... read your AUP (acceptable use policy).
Well, perhaps it wasn't worded too clearly. Any firewall, including the ISP's, can be configured to block traffic that is *calling* any port. So the idea is to block traffic that is calling on port 25 outside the ISP's own network, forcing users to route all messages through the ISP's server.
Sorry, you're incorrect: mailing headers which contain hostname/IP address are appended to every piece of email at every hop.
The most you can do here is to use a broken system and insert additional, incorrect information before passing along, but the host involved would have been tagged as broken by most RBLs within minutes.
If you run it through the ISP's mail server as client access you may run into mail quota checks, and it's going to interfere with forging the From: address and the headers.
It's not even that complicated. I have SBC DSL and run my own Sendmail server for my own use. When SBC started blocking 25, I simply had to fill out a web form to get it unblocked. Today I still run my own mailserver on 25 as if the blocking didn't even exist...no smarthost required.
Yep, there's no free lunch. To deal with spambots it would make more sense for ISPs to monitor the volume of SMTP traffic and alert the user if there's a spike (perhaps enforced by a block if it continues).
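As an added example (not from the thread or any poster), here is a Python sketch of the two ideas discussed above: classifying netstat-style output so that only connections whose *foreign* port is 25 count as outbound SMTP, flagging the ones not going to the ISP's own relay, and alerting when a single host has more SMTP flows open than a threshold. The sample netstat lines, the relay address and the threshold are all constructed.

```python
import re
from collections import Counter

# Constructed netstat-style lines (not from the thread), in the same
# format the poster pasted: Proto, Local Address, Foreign Address, State.
SAMPLE_NETSTAT = """\
Proto Local Address Foreign Address State
TCP 10.3.8.86:2591 10.2.1.20:25 ESTABLISHED
TCP 10.3.8.86:2592 203.0.113.7:25 ESTABLISHED
TCP 10.3.8.86:2593 203.0.113.8:25 SYN_SENT
TCP 10.3.8.86:2594 203.0.113.9:25 ESTABLISHED
TCP 10.3.8.86:1100 10.2.1.20:110 ESTABLISHED
TCP 10.3.8.86:25 198.51.100.4:41002 ESTABLISHED
"""

# Assumption: the ISP's own relay(s). The policy described in the thread
# allows port-25 connections only to these hosts.
ISP_RELAYS = {"10.2.1.20"}
SPIKE_THRESHOLD = 3  # assumed: outbound SMTP flows per host before alerting

LINE_RE = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")

def parse_netstat(text):
    """Return (local_ip, local_port, foreign_ip, foreign_port, state) tuples."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _proto, lip, lport, fip, fport, state = m.groups()
            flows.append((lip, int(lport), fip, int(fport), state))
    return flows

def outbound_smtp(flows):
    """Outbound SMTP means the *foreign* side is on 25; a local :25 is inbound."""
    return [f for f in flows if f[3] == 25]

def policy_violations(flows, relays=ISP_RELAYS):
    """Flows an 'only the ISP relay on 25' block would drop."""
    return [f for f in outbound_smtp(flows) if f[2] not in relays]

def smtp_spikes(flows, threshold=SPIKE_THRESHOLD):
    """Local hosts with at least `threshold` simultaneous outbound SMTP flows."""
    counts = Counter(f[0] for f in outbound_smtp(flows))
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

The inbound flow on local port 25 and the POP3 flow on 110 are deliberately included to show they are not counted as outbound SMTP.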
I just found a useful feature in McAfee (I just deployed it here as a replacement for Symantec). You can configure the antivirus client to whitelist the programs that can use port 25, so the only way a trojan can turn your machine into a spambot would be to replace your existing mail client or hack the whitelist. ZoneAlarm has been using that technique for all internet traffic.
If the ISP makes unblocking the port that easy then I'd have no problem with it. My worst nightmare would be having to call the "Your call is important to us" recording to get it re-opened.
PKI (public key infrastructure) is intended to encrypt/authenticate email from/to *individuals*, not systems, and very few places have it running on anything other than a rudimentary basis due to the cost and complexity involved.
The large players could implement Certs for their mail relays, but given the difficulty most locations have with simply running a virus scan on an infected PC, this would also create lots of delivery issues.
To my knowledge, the only ISP doing this is AOL and -- to be catty -- a lot of places don't get excited if email for AOL is bounced...
That is, this might as easily be considered a feature :)
Email is received on port 25 -- not sent. You can verify, if you wish, by doing a netstat and checking the ports in use.
Ugh, I agree, especially considering the low quality Indian Tier One support SBC utilizes. Unblocking the port was simple enough, and they had it done three hours after I requested it. It really wasn't an issue.
The only problem I had with it was the way SBC promoted it to users. I didn't know that they'd blocked 25 until I noticed that none of my domains had received any emails for a few days. A quick post to broadbandreports.com revealed the reason, but SBC should have done a better job letting its users know what was about to happen. An EMAIL would have been nice!
It's useful to have, but by your own account 75% accepted email without an in-addr.
Most of the spambots are short-lived on any given machine anyway. All it takes is one recipient that can read headers and he's busted.
Just getting everyone to implement SPF records, and then requiring a valid SPF resolution before accepting the mail, would fix the spambots.
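To make the proposal above concrete, here is an added example (not from the thread) of the receiving side's check: a minimal SPF evaluator that handles `ip4:`/`ip6:` mechanisms and the final `all` qualifier, plus the "accept only on pass" rule the poster suggests. The SPF records and sender addresses are constructed; a real receiver would fetch the record from the sender domain's DNS TXT record and would also need the `a`, `mx`, `include` and `redirect` mechanisms.

```python
import ipaddress

# Constructed SPF records keyed by sender domain (not from the thread).
# None stands for a domain that publishes no SPF record at all.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
    "soft.example": "v=spf1 ip4:203.0.113.0/28 ~all",
    "nospf.example": None,
}

def evaluate_spf(record, sender_ip):
    """Evaluate ip4/ip6 mechanisms and the trailing all term.
    Returns 'pass', 'fail', 'softfail', 'neutral' or 'none' (no record)."""
    if not record or not record.lower().startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qual = "+"  # an unqualified mechanism means pass
        if term[0] in qualifiers:
            qual, term = term[0], term[1:]
        if term == "all":
            return qualifiers[qual]
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if ip.version == net.version and ip in net:
                return qualifiers[qual]
    return "neutral"  # record ended without matching and without an all term

def accept_mail(domain, sender_ip, records=SPF_RECORDS):
    """The thread's rule: accept only when the sender's SPF resolves to pass."""
    return evaluate_spf(records.get(domain), sender_ip) == "pass"
```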
You are partially correct. Email is received on port 25, but POP3 and IMAP are used by clients to read email from a hub, etc.
Port 25 (SMTP) is generally server to server and POP3/IMAP is client -> server.