1 Jul
2004
1 Jul
'04
9:46 p.m.
Eric Dondelinger wrote:
No, spammers do not do this. They definitely do not use @gmx.net, etc.
sender addresses. The addresses are almost always faked, only the DNS
part exists. Spammer nowadays use infected PCs to send mails directly to
the recipient. As I understand you correctly, their infected PCs will
use mailsvr.pt.lu in the future if they have infected a PT customer,
right? (just as an example, they *will* find the hostname in the mail
client's config files, be it mailsvr.pt.lu or something else).
I've got LuxDSL. I constantly send mail from here
with other
domains than pt.lu. mailsvr.pt.lu relays it for me - as I'm
on the P&T network. As you know about SMTP servers, I'll just
say "smarthost".
Now, mail coming from mailsvr.pt.lu do not need to be from a @pt.lu
address, right? It can be @sex.com and so on? Until now it was enough to
block dialup address ranges in a Black List. Now it is neccessary to add
mailsvr.pt.lu to the Black List, to be protected? A worm on your PC can
send a mail to anybody using anybody's mail address using mailsvr.pt.lu.
And the worm does not need to be ultrasmart to find the hostname
mailsvr.pt.lu in the config files of your mail client.
Of course! You're on his network, he knows who
you are - the
They do not know that the mail address you are using is yours. Only the
mail provider does know this.
moment you're dialing in! If you abuse the
service, bye bye
your account, and chances are you'll hear from the ISPs lawyers
or at least from their billing service.
For this you don't need to block port 25. Logging would be sufficient.
You will take away the account of everybody who is invected and who
sends nonsense through mailsvr.pt.lu? At least if the worm would send
directly through port 25 to the recipient's mail server, the recipient
could block it by finding the dialup IP address in the Black List!!!
There is no security in checking To: and From: fields
(i.e. the
mail's body). There's not even much point in checking the
envelope From:. That's for the case of users *on the ISPs network*.
Sure. My provider's mail servers only accepts mails from addresses which
exists on their server. And they are on a white list and can be trusted
which can't definitely not be said for mailsvr.pt.lu anymore!
Why on earth do
you think that *every* mail provider (GMX, Web.de,
Puretec, ... offer a SMTP service????
Maybe so that spammers can easily open up an account, use it
for a spam run, and forget it afterwards? It's not like GMX,
web.de & Co do a thorough job of verifying the data you provide
them when opening up an account...
Using a company mailserver that way would make more sense. Indeed, authenticated SMTP can help there - it would
be a grave
mistake for such a setup to accept plain SMTP (open relay, as it
would be trivial to fake the domain part).
I still don't see a point in going to an external service -
unless your ISPs mail server is extremely unreliable, which
would be a reason to find another ISP.
To protect Black List protected mail servers against you (see above).
Still, normal procedure is to use the ISP's
mailserver for
outgoing mail, and access the mail provider's server through
POP3/IMAP/whatever to retrieve your mail.
This is rather unconventional. Never heard this!
Hmm... you said it above yourself - look at your
firewall logs.
Those logs are precisely the result of the lack of security out
there. If ISPs did filter by default, and open up specific ports
on demand by individual users, things would look much much better.
Really, this isn't the Internet of 10 years ago. Keeping everything
wide open for everybody would IMO be highly irresponsible. It's
totally illusory to think just anybody could properly secure his/
her internet access, when even way too many supposed "experts"
manage to totally botch even simple stuff.
Totally agree!
I know perfectly well. And every normally set up mail
client
sends their mail through the ISPs mailserver. Using other mail
servers, even through smtp-auth, is not usual.
No, see above.
>I have 5 years experience with mail servers, know
the SMTP protocol, the
>sendmail.cf file and already have worked for an ISP!!!
I have patched (yes I am a C programmer) gnu-pop3d to implement SMTP
after POP3 with sendmail for our customers. Nobody used the SMTP service
of the dialup provider. This was 2000-2001. So I know the szene.
Patrick Kaell