hi,
let me just quickly add my 2c.
it is absolutely _NOT_ uncommon for users to _NOT_ use their ISP's mailserver
for outgoing mails.
and please don't say such things as providers should block all ports by
default and only open some upon request!
what kind of view of freedom is that, huh?
i mean, you use a service and you are supposed to know their terms and policy.
and you are supposed to know what possible danger you are exposing yourself if
you get connected.
now you should manage yourself to protect yourself or use software supplied by
your provider for that purpose.
it is not a good thing at all if your provider just blocks every connex not
having been initiated by you.
and i hope it won't be like that in any near future.
disabling port 25 is a bad thing.
and it won't prevent spammers from spamming.
you know, there are many ports right?
spam is annoying, but you won't reduce it by such means IMHO.
first off - after your flood of mails - I can see that indeed you
may have more of an idea about SMTP & consorts than most.
I'll add that I'm responsible for some mail servers myself, and I
actually have read RFCs. And no, I'm no shareholder of any ISP,
and the only thing I'm defending is prevention of the disastrous
effects of worms.
On Thu, 1 Jul 2004, Patrick Kaell wrote:
Eric Dondelinger wrote:
>> Care to explain just why you didn't follow the only sensible
>> measure, which is to go through your ISP's mailserver, which
>> *must* relay for you?
>
> I do not want to change my E-Mail address every time I change my dialup
> provider.
Why should you have to change your email address?
> If they relay everything, even non-Coditel addresses, then
> please tell me the security advantage?
> Where lies security in checking a From: field?
There are very many good reasons not to use an email address
that wasn't given to you by your dial-up provider, it would
be rather stupid for the ISP to force a customer to use only
one specific domain. *that* would be very poor customer service.
I've got LuxDSL. I constantly send mail from here with other
domains than pt.lu. mailsvr.pt.lu relays it for me - as I'm
on the P&T network. As you know about SMTP servers, I'll just
say "smarthost".
> You mean that they must relay
> everything from me no matter what's in the From and To field!!!???
Of course! You're on his network, he knows who you are - the
moment you're dialing in! If you abuse the service, bye bye
your account, and chances are you'll hear from the ISP's lawyers
or at least from their billing service.
> Is this what you mean by security???
There is no security in checking To: and From: fields (i.e. the
mail's body). There's not even much point in checking the
envelope From:. That's for the case of users *on the ISP's network*.
> Every decent worm would find the
> necessary information in the mail client's config files immediately. And
> it would be a nice relay service for spammers who use the ISP's dialup!!
See above for the spammer case - ISPs worth their name (I know there's
black sheep) don't take kindly to spammers.
As for worms - I haven't seen any so far that didn't try to use
SMTP directly, but went through the ISP's mail relay.
It is a shame though that ISPs don't routinely warn customers
having infected PCs and/or cut their service until they
have made sure their PCs are clean - I know of at least one large
one that will do so after a couple of complaints/warnings.
>> If you're on dialup, there's absolutely no reason to do it
>> any other way - and if you had a valid reason, wtf are you
>> doing on a dialup line with no fixed IP?
> Why on earth do you think that *every* mail provider (GMX, Web.de,
> Puretec, ...) offers an SMTP service????
Maybe so that spammers can easily open up an account, use it
for a spam run, and forget it afterwards? It's not like GMX,
web.de & Co do a thorough job of verifying the data you provide
them when opening up an account...
Using a company mailserver that way would make more sense.
> I use an authenticated (ESMTP) SMTP protocol to
> send my mail. This
> doesn't work over a simple relay which doesn't know all accounts that
> exist on earth.
Indeed, authenticated SMTP can help there - it would be a grave
mistake for such a setup to accept plain SMTP (open relay, as it
would be trivial to fake the domain part).
I still don't see a point in going to an external service -
unless your ISP's mail server is extremely unreliable, which
would be a reason to find another ISP.
>> Also, there's a great many mailservers that are filtering
>> based on DULs, i.e. if you're on a dialup, there's quite
>> some chances that your emails won't be accepted at the other
>> end anyway.
> Let's repeat. I do send it directly. I use port 25 (as every other
> internet user) to communicate with my mail provider! SMTP and port 25 is
> *not* only used between mail servers, *but* also between sending mail
> clients and their SMTP server!!!!!!!!!!!!
Ok, I now see what you mean. To get rid of traffic generated by
worms, but let through authenticated SMTP, the ISP could not
use a simple packet filter then, but would have to pipe the
traffic through an application-level firewall. Doable, but
less simple to set up - and more error prone.
Having a packet filter tie in with a sort of mailserver white
list - hmm... less realistic.
Still, normal procedure is to use the ISP's mailserver for
outgoing mail, and access the mail provider's server through
POP3/IMAP/whatever to retrieve your mail.
>> No, you weren't using the service correctly, IMHO. And you haven't
>> read your ISP's terms of use, probably.
> Yes I read everything. Ok?
Sorry if I formulated that a bit harshly.
> Please, I haven't got an AOL account where I can
> access Mail and WWW. I've got
> full TCP/IP access to the internet!!!
You do realise though that for most people, such settings actually
make sense? Many even are crying out loud for more traffic filtering
by ISPs.
>> You probably also haven't ever had the "luck" of handling a larger
>> network's abuse@ account.
> I do get attacked every 2 seconds by a Windows worm. If you want I can
> send you my firewall log! Those don't get blocked by the provider of
> course!!!
See above - many people actually want that kind of filtering.
I can't say I blame them.
Many ISPs will at least block NetBIOS traffic.
>> Your ISP offers an email service - which goes through its mailserver.
>> They deliver - it's not the ISP's problem that you didn't use the
>> service properly.
> You mean by paying for TCP/IP access I should not use TCP/IP as it was
> intended???? TCP/IP is there to connect computers over a worldwide
> network. This is not Minitel, BTX, Teletext and so on!
Hmm... you said it above yourself - look at your firewall logs.
Those logs are precisely the result of the lack of security out
there. If ISPs did filter by default, and open up specific ports
on demand by individual users, things would look much much better.
Really, this isn't the Internet of 10 years ago. Keeping everything
wide open for everybody would IMO be highly irresponsible. It's
totally illusory to think just anybody could properly secure his/
her internet access, when even way too many supposed "experts"
manage to totally botch even simple stuff.
Totally open lines still exist - leased lines normally are not
subject to any kind of filtering. Prices of course are very
different from dial-up style lines. And you'll still get slammed
in case of abuses (if your ISP doesn't react right away, he will
do so when his own upstream swings the bat).
>> I'd also say that they offer due diligence - protecting everybody
>> else from misconfigured mailservers (open relays), from zombies
>> (think trojans exploited by spammers) etc. on their network - I
>> consider that a good thing.
> If they had blocked unauthenticated SMTP traffic, ok, then I would
> perhaps agree. But blocking everything, INCLUDING THEIR OWN MAILSERVER,
> IS NOT OK!!!!!
Ah, I can see you're talking about Coditel's ... erm... I guess
fuck-up is the only term that fits.
I'm not talking about that kind of error. Of course they can't
block their own mailserver for their own clients.
[I'll add a remark that I've encountered quite some admins who
can't properly configure a mailserver - so it's definitely not
something I want to see done and put on the 'net by Mr. anybody,
when I have to bear the consequences of that incompetence.]
> EVERY MAIL CLIENT USES SMTP. SEE ABOVE!!!!
I know perfectly well. And every normally set up mail client
sends its mail through the ISP's mailserver. Using other mail
servers, even through smtp-auth, is not usual.
>> Invalid comparison. I'd see it rather as an airbag on the driver's
>> side which you can't switch off [hint: there's no reason to want an
>> off switch there, although there are good reasons to have it for
>> the other seat].
> Please, the next time you tell me that there is no reason to send mail
> and that I should use the telephone, right????
Calm down. Of course I'm not saying something stupid like that.
All I'm saying is, there's normally no reason not to go through
your ISP's mailserver. I know there can be special needs - which
may have other solutions though.
> I have 5 years' experience with mail servers, know
> the SMTP protocol, the
> sendmail.cf file and already have worked for an ISP!!!
Brothers in arms, in that case [even if the place I'm working now
isn't exactly an ISP].
> But Coditel has seen that it was a mistake and
> has reopened port 25 for
> their own mailserver after a day and for every other mailserver after 4
> days!!!
I had heard about that first part - that can only be described as
a serious fuck-up, everybody will agree.
I had not heard as yet that they restored outgoing TCP 25 traffic
to anywhere - is this also for the dynamic IP ranges, or only for
the static IPs? There was some difference there IIRC.
Greets Eric
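Added example, not part of this thread and not any ISP's actual ruleset: a small Python model of the egress policy argued about above ("filter by default, open up specific ports on demand", with the ISP's own mailserver always reachable), run over constructed netfilter-style log lines. The addresses come from documentation ranges, the dial-up pool, smarthost and "opened on request" list are hypothetical, and the log format is assumed. It goes one step beyond the thread by leaving the mail submission port (TCP 587, RFC 2476) open so SMTP AUTH to a third-party provider still has a path; the verdict function also makes visible why a plain packet filter cannot tell authenticated from unauthenticated SMTP on port 25, which is the reason the thread reaches for an application-level firewall.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed addresses from documentation ranges (RFC 5737); not any real ISP's.
DIALUP_POOL = ipaddress.ip_network("192.0.2.0/24")      # hypothetical dynamic-IP customer pool
ISP_SMARTHOST = ipaddress.ip_address("198.51.100.25")   # hypothetical ISP outgoing mailserver
SUBMISSION_PORT = 587                                   # RFC 2476 mail submission (SMTP AUTH)

# Hypothetical customers who asked the ISP to open outbound port 25 for them.
PORT25_OPENED_ON_REQUEST = {ipaddress.ip_address("192.0.2.77")}

# Constructed log lines, one outbound TCP flow per line.
SAMPLE_LOG = """\
SRC=192.0.2.10 DST=198.51.100.25 PROTO=TCP DPT=25
SRC=192.0.2.10 DST=203.0.113.40 PROTO=TCP DPT=25
SRC=192.0.2.10 DST=203.0.113.40 PROTO=TCP DPT=587
SRC=192.0.2.77 DST=203.0.113.40 PROTO=TCP DPT=25
SRC=192.0.2.10 DST=203.0.113.40 PROTO=TCP DPT=80
"""

LINE_RE = re.compile(r"SRC=(\S+)\s+DST=(\S+)\s+PROTO=TCP\s+DPT=(\d+)")


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def parse_log(text: str) -> List[Flow]:
    """Extract (src, dst, dport) from each log line; lines that do not match are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            flows.append(Flow(ipaddress.ip_address(m.group(1)),
                              ipaddress.ip_address(m.group(2)),
                              int(m.group(3))))
    return flows


def egress_verdict(flow: Flow) -> str:
    """Packet-filter decision for one flow: 'allow' or 'drop'.

    Only addresses and ports are visible here.  Whether the SMTP session would
    use AUTH is unknowable at this layer, which is why letting authenticated
    SMTP through on port 25 would need an application-level proxy instead.
    The policy modelled here keeps the submission port open and restricts
    port 25 to the ISP's own smarthost unless the customer opted in.
    """
    if flow.src not in DIALUP_POOL:
        return "allow"      # not a dial-up customer; outside this policy
    if flow.dport != 25:
        return "allow"      # includes SUBMISSION_PORT, so SMTP AUTH elsewhere still works
    if flow.dst == ISP_SMARTHOST:
        return "allow"      # the ISP must never block its own mailserver
    if flow.src in PORT25_OPENED_ON_REQUEST:
        return "allow"      # customer explicitly asked for port 25
    return "drop"           # default: direct-to-MX from dial-up is blocked


def apply_policy(text: str) -> List[Tuple[Flow, str]]:
    """Pair every parsed flow with its verdict."""
    return [(flow, egress_verdict(flow)) for flow in parse_log(text)]


def dropped_flows(text: str) -> List[Flow]:
    """Flows the filter would have dropped; useful when reviewing a customer's complaint."""
    return [flow for flow, verdict in apply_policy(text) if verdict == "drop"]


if __name__ == "__main__":
    for flow, verdict in apply_policy(SAMPLE_LOG):
        print(f"{verdict:5s} {flow.src} -> {flow.dst}:{flow.dport}")
```

Of the five constructed flows, only the second (a dial-up customer talking directly to a foreign MX on port 25) is dropped: the same customer reaching the ISP's smarthost, reaching a third party on 587, an opted-in customer on 25, and ordinary HTTP all pass. A real deployment would generate the filter rules from the same three inputs (pool, smarthost, opt-in list) rather than evaluate them in Python.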
_______________________________________________
Lilux-help mailing list
Lilux-help(a)lilux.lu
http://lilux.lu/mailman/listinfo/lilux-help