Date: Wed, 14 Mar 2001 09:59:15 -0500 (EST)
From: "Bruce M. Walker" <bmw@borderware.com>
To: Ralph Huntington <rjh@mohawk.net>
Cc: "Bruce M. Walker" <bmw@borderware.com>, Jim Durham <durham@w2xo.pgh.pa.us>, freebsd-security@FreeBSD.ORG
Subject: Re: Sophos and Virus return mail
Message-ID: <200103141459.f2EExFI21502@fusion.borderware.com>
In-Reply-To: <Pine.BSF.4.21.0103140939550.4793-100000@mohegan.mohawk.net> from Ralph Huntington at "Mar 14, 2001 09:42:54 am"

Ralph Huntington wrote:
> > > If port 25 is blocked, then how is legitimate mail accepted? -=r=-
> >
> > I meant, of course, blocking of port 25 to all destinations but the
> > "officially sanctioned mail server". ISPs generally provide you
> > with a mail server IP which you are supposed to forward all mail
> > to.
>
> Okay, so you meant blocking the 'escape' of packets bound for port 25 on
> any machine *other*than* the approved smtp host, which, of course, does
> not relay, correct?

Not *quite*: the approved SMTP mail server *must* be able to relay,
otherwise you (the customer) wouldn't be able to address mail to
anybody other than people with addresses at your ISP.

Maybe the context isn't clear: I'm referring to blocking being done by
your ISP (ie: your employer, your upstream provider, whatever).

This hypothetical ISP will filter packets destined for port 25 at any
IP-addr except for connections to, say, mail.big-isp.net, their own
mailserver.

Then they instruct you (the customer) that when you setup MS Lookout!
or Eudora, that you must specify mail.big-isp.net as the SMTP server.
Your mail client then forwards all outgoing mail to mail.big-isp.net,
and that server forwards your mail to the actual destination.

So mail.big-isp.net gets all the outgoing mail traffic from the entire
ISP's user community and forwards it to the addressees. Nobody is
allowed (in this gated community :-) to connect SMTP directly from
their Windoze box to the remote mailserver (or MX host) of their
addressee.

An example, I believe, is Mindspring who recently announced that they
would start blocking outgoing attempts to connect to port 25.

The point is to stop spammers in their user community from abusing
open relays.

Now, how did this go from "Snowhite and the Empty Envelope-from" to
"Packet-filtering by the Big Bad Wolf"? :-)

-bmw

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
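
The egress policy described in the message above, modelled as a first-match
rule list. This is an added example, not part of the original e-mail; the
addresses are constructed from documentation ranges, and the relay IP standing
in for mail.big-isp.net and all names in the code are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses from documentation ranges; the relay IP standing in
# for mail.big-isp.net is an assumption, as are all names below.
ISP_NET = ip_network("198.51.100.0/24")   # customers and the relay live here
RELAY = ip_network("198.51.100.25/32")    # the sanctioned mail server
SMTP = 25

# (action, source net, destination net, destination port); None matches anything.
EGRESS_RULES = [
    ("allow", ISP_NET, RELAY, SMTP),  # customer mail client -> sanctioned relay
    ("allow", RELAY, None, SMTP),     # relay -> remote MX hosts (it must relay)
    ("deny", ISP_NET, None, SMTP),    # any other outbound SMTP from inside
    ("allow", None, None, None),      # non-SMTP traffic is outside this policy
]

# The same policy with the relay exemption forgotten.
BROKEN_RULES = [rule for rule in EGRESS_RULES if rule[1] != RELAY]


def decide(src, dst, dport, rules=EGRESS_RULES):
    """Return the action of the first rule matching an outbound TCP connection."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, port in rules:
        if src_net is not None and src not in src_net:
            continue
        if dst_net is not None and dst not in dst_net:
            continue
        if port is not None and dport != port:
            continue
        return action
    return "deny"  # nothing matched: fail closed


if __name__ == "__main__":
    # Constructed connection attempts: (description, source, destination, port)
    attempts = [
        ("customer -> relay:25", "198.51.100.77", "198.51.100.25", 25),
        ("customer -> remote MX:25", "198.51.100.77", "203.0.113.10", 25),
        ("relay -> remote MX:25", "198.51.100.25", "203.0.113.10", 25),
        ("customer -> remote web:80", "198.51.100.77", "203.0.113.10", 80),
    ]
    for label, src, dst, port in attempts:
        print(f"{label:28} correct={decide(src, dst, port):5} "
              f"no-exemption={decide(src, dst, port, BROKEN_RULES)}")
```

With the relay exemption missing, the relay's own deliveries to remote MX
hosts are dropped, which is the "must be able to relay" point in the reply.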