Posted to users@spamassassin.apache.org by "Matthias Schmidt [c]" <be...@admilon.net> on 2007/07/16 15:37:54 UTC

Re: Thoughts on Isolating Viruses - Port 587 Submission [signed]

Am/On Mon, 16 Jul 2007 06:11:32 -0700 schrieb/wrote Marc Perkel:

>One of the problems with SMTP in my opinion is that it allows end users 
>to talk on port 25 to servers and therefore can't be distinguished from 
>server to server traffic.
>
>Imagine a policy where ISPs blocked port 25 for consumers by default and 
>forced them to talk to mail servers on port 587 to send SMTP. Suppose 
>that all SMTP servers who took email from consumers had port 587 open as 
>well as port 25.
>
>If port 25 were blocked from consumers and they were forced to talk to 
>servers on port 587, even without authentication, then a server could 
>distinguish consumers from other servers. I think this kind of 
>configuration could be used to help isolate virus infected computers 
>from spamming and spreading.
>
>So if I have an SMTP server that is set up to receive email for a bunch 
>of domains and had port 587 closed then I could block out all spam from 
>consumer computers. The idea being that a lot of virus infected spam 
>bots would be isolated. It would force consumer traffic to talk only to 
>smtp servers set up to relay consumer email.
>
>Thoughts?

imho this won't work ... 
how do you want to keep infected computers off 25?

there are already more effective tools to protect your server, like a
good rule combination before the mail even gets to spamassassin.

Thanks and all the best

Matthias



--
--------------------- [ SECURITY NOTICE ] ---------------------
To: marc@perkel.com, users@spamassassin.apache.org.
For your security, beta@admilon.net
digitally signed this message on 16 July 2007 at 13:49:02 UTC.
Verify this digital signature at http://www.ciphire.com/verify.


Re: Thoughts on Isolating Viruses - Port 587 Submission [signed]

Posted by Jason Frisvold <xe...@gmail.com>.
On 7/16/07, Matthias Schmidt [c] <be...@admilon.net> wrote:
> I know that .....
> I just meant it's not possible in the real world to prevent "clients"
> from talking to port 25 (of course as long as it is not closed by some
> isp) or to distinguish a mail-bot from a real server just through the
> port they talk to.

Block the port, offer a web based client and open port 587 to the
world, authentication required.  Simple.

> the suggestion from Forrest has indeed some charm.
> But how to "teach" a whole bunch of DAUs to set their mail client to use
> port 587 instead of the default set port 25?

That requires a commitment by the ISP in question.  I believe the
first step is to make sure any new customers are set up for port 587
when they sign up.  Change any reference material, instructions, etc.

The second step is to email all existing customers and set up some
sort of timetable.  Let them know about the impending change and point
them at detailed instructions to make the necessary changes on their
computer.

And lastly, start working with the customers that call in and can't
read simple instructions.  This is probably the hardest part because
it's the most time consuming.  Once the day has arrived to make the
change, make it and prepare for the barrage of support calls that will
be coming in.  Some people will be upset about it, but that's life.

Overall, it's just a commitment and time issue.  Make the commitment,
commit the time needed.

> Thanks and all the best
>
> Matthias
>
>
>
> --
> --------------------- [ SECURITY NOTICE ] ---------------------
> To: users@spamassassin.apache.org.
> For your security, beta@admilon.net
> digitally signed this message on 16 July 2007 at 14:15:19 UTC.
> Verify this digital signature at http://www.ciphire.com/verify.
>
>


-- 
Jason 'XenoPhage' Frisvold
XenoPhage0@gmail.com
http://blog.godshell.com

Re: Thoughts on Isolating Viruses - Port 587 Submission [signed]

Posted by "Matthias Schmidt [c]" <be...@admilon.net>.
Am/On Mon, 16 Jul 2007 09:02:58 -0500 schrieb/wrote Richard Frovarp:

>Matthias Schmidt [c] wrote:
>> Am/On Mon, 16 Jul 2007 06:11:32 -0700 schrieb/wrote Marc Perkel:
>>
>>   
>>> One of the problems with SMTP in my opinion is that it allows end users 
>>> to talk on port 25 to servers and therefore can't be distinguished from 
>>> server to server traffic.
>>>
>>> Imagine a policy where ISPs blocked port 25 for consumers by default and 
>>> forced them to talk to mail servers on port 587 to send SMTP. Suppose 
>>> that all SMTP servers who took email from consumers had port 587 open as 
>>> well as port 25.
>>>
>>> If port 25 were blocked from consumers and they were forced to talk to 
>>> servers on port 587, even without authentication, then a server could 
>>> distinguish consumers from other servers. I think this kind of 
>>> configuration could be used to help isolate virus infected computers 
>>> from spamming and spreading.
>>>
>>> So if I have an SMTP server that is set up to receive email for a bunch 
>>> of domains and had port 587 closed then I could block out all spam from 
>>> consumer computers. The idea being that a lot of virus infected spam 
>>> bots would be isolated. It would force consumer traffic to talk only to 
>>> smtp servers set up to relay consumer email.
>>>
>>> Thoughts?
>>>     
>>
>> imho this won't work ... 
>> how do you want to keep infected computers off 25?
>>
>>   
>Many ISPs firewall 25 at the edge of their network. If you try to send 
>to port 25 on their network or to their SMTP they allow that traffic. 
>One of the reasons for running the submission port is so that your users 
>can get out of those ISPs to your outgoing server.

I know that .....
I just meant it's not possible in the real world to prevent "clients"
from talking to port 25 (of course as long as it is not closed by some
isp) or to distinguish a mail-bot from a real server just through the
port they talk to.

the suggestion from Forrest has indeed some charm.
But how to "teach" a whole bunch of DAUs to set their mail client to use
port 587 instead of the default set port 25?

>
>For another way of doing this, see the PBL:
>http://www.spamhaus.org/pbl/index.lasso
>

Thanks and all the best

Matthias



--
--------------------- [ SECURITY NOTICE ] ---------------------
To: users@spamassassin.apache.org.
For your security, beta@admilon.net
digitally signed this message on 16 July 2007 at 14:15:19 UTC.
Verify this digital signature at http://www.ciphire.com/verify.


Re: Thoughts on Isolating Viruses - Port 587 Submission [signed]

Posted by Richard Frovarp <Ri...@sendit.nodak.edu>.
Matthias Schmidt [c] wrote:
> Am/On Mon, 16 Jul 2007 06:11:32 -0700 schrieb/wrote Marc Perkel:
>
>   
>> One of the problems with SMTP in my opinion is that it allows end users 
>> to talk on port 25 to servers and therefore can't be distinguished from 
>> server to server traffic.
>>
>> Imagine a policy where ISPs blocked port 25 for consumers by default and 
>> forced them to talk to mail servers on port 587 to send SMTP. Suppose 
>> that all SMTP servers who took email from consumers had port 587 open as 
>> well as port 25.
>>
>> If port 25 were blocked from consumers and they were forced to talk to 
>> servers on port 587, even without authentication, then a server could 
>> distinguish consumers from other servers. I think this kind of 
>> configuration could be used to help isolate virus infected computers 
>> from spamming and spreading.
>>
>> So if I have an SMTP server that is set up to receive email for a bunch 
>> of domains and had port 587 closed then I could block out all spam from 
>> consumer computers. The idea being that a lot of virus infected spam 
>> bots would be isolated. It would force consumer traffic to talk only to 
>> smtp servers set up to relay consumer email.
>>
>> Thoughts?
>>     
>
> imho this won't work ... 
> how do you want to keep infected computers off 25?
>
>   
Many ISPs firewall 25 at the edge of their network. If you try to send 
to port 25 on their network or to their SMTP they allow that traffic. 
One of the reasons for running the submission port is so that your users 
can get out of those ISPs to your outgoing server.

For another way of doing this, see the PBL:
http://www.spamhaus.org/pbl/index.lasso
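
The PBL check mentioned above, sketched as an added example that is not part of the original thread: a receiving server on port 25 looks up the connecting IPv4 address in the PBL to tell end-user ranges from mail servers. The zone name and return codes follow Spamhaus's public documentation; the function names, the injected resolver and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket

PBL_ZONE = "pbl.spamhaus.org"
# PBL return codes: range listed by its own ISP, or listed by Spamhaus.
PBL_CODES = {"127.0.0.10", "127.0.0.11"}


def query_name(ip, zone=PBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name; [] when the lookup yields nothing.

    Any resolver failure is treated as "no answer", so the check fails open.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def pbl_verdict(ip, resolver=system_resolver):
    """Classify a connecting client address against the PBL."""
    answers = resolver(query_name(ip))
    if not answers:
        return "not-listed"
    # 127.255.255.x means the query itself was refused (for example a
    # public or over-limit resolver); it must not be read as a listing.
    if any(a.startswith("127.255.255.") for a in answers):
        return "lookup-error"
    if any(a in PBL_CODES for a in answers):
        return "end-user-range"
    return "unknown-code"


def mx_decision(ip, resolver=system_resolver):
    """Port 25 policy: refuse direct-to-MX mail from end-user ranges.

    Authenticated submission on port 587 is a separate listener and is
    not subject to this check.
    """
    return "reject" if pbl_verdict(ip, resolver) == "end-user-range" else "accept"
```
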