From owner-freebsd-security Wed Mar 14 6:59:34 2001
From: "Bruce M. Walker"
Message-Id: <200103141459.f2EExFI21502@fusion.borderware.com>
Subject: Re: Sophos and Virus return mail
In-Reply-To: from Ralph Huntington at "Mar 14, 2001 09:42:54 am"
To: Ralph Huntington
Date: Wed, 14 Mar 2001 09:59:15 -0500 (EST)
Cc: "Bruce M. Walker", Jim Durham, freebsd-security@FreeBSD.ORG

Ralph Huntington wrote:
> > > If port 25 is blocked, then how is legitimate mail accepted? -=r=-
> >
> > I meant, of course, blocking of port 25 to all destinations but the
> > "officially sanctioned mail server". ISPs generally provide you
> > with a mail server IP which you are supposed to forward all mail
> > to.
>
> Okay, so you meant blocking the 'escape' of packets bound for port 25 on
> any machine *other*than* the approved smtp host, which, of course, does
> not relay, correct?

Not *quite*: the approved SMTP mail server *must* be able to relay,
otherwise you (the customer) wouldn't be able to address mail to
anybody other than people with addresses at your ISP.

Maybe the context isn't clear: I'm referring to blocking being done
by your ISP (ie: your employer, your upstream provider, whatever).

This hypothetical ISP will filter packets destined for port 25 at
any IP-addr except for connections to, say, mail.big-isp.net, their
own mailserver.

Then they instruct you (the customer) that when you set up MS Lookout!
or Eudora, that you must specify mail.big-isp.net as the SMTP server.
Your mail client then forwards all outgoing mail to mail.big-isp.net,
and that server forwards your mail to the actual destination.

So mail.big-isp.net gets all the outgoing mail traffic from the entire
ISP's user community and forwards it to the addressees.

Nobody is allowed (in this gated community :-) to connect SMTP directly
from their Windoze box to the remote mailserver (or MX host) of their
addressee.

An example, I believe, is Mindspring, who recently announced that they
would start blocking outgoing attempts to connect to port 25. The
point is to stop spammers in their user community from abusing open
relays.

Now, how did this go from "Snowhite and the Empty Envelope-from" to
"Packet-filtering by the Big Bad Wolf"? :-)

-bmw
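
An added example, not part of the original message: one way an operator could check the port-25 egress policy described above from gateway logs, listing customer hosts whose direct SMTP attempts were denied and any direct SMTP connection the filter let through. The relay address, the customer range, the rule numbers and the log lines are all constructed assumptions; the lines follow the style of FreeBSD ipfw logging.

```python
import re
from collections import Counter

# Assumption: mail.big-isp.net (the relay named in the message) lives at this
# documentation-range address; customers are in 192.0.2.0/24.
RELAY_IP = "198.51.100.25"

# Constructed sample in the style of FreeBSD ipfw log lines (not real traffic).
SAMPLE_LOG = """\
Mar 14 09:58:01 gw /kernel: ipfw: 1000 Accept TCP 192.0.2.10:1034 198.51.100.25:25 out via fxp0
Mar 14 09:58:03 gw /kernel: ipfw: 1100 Deny TCP 192.0.2.44:1201 203.0.113.7:25 out via fxp0
Mar 14 09:58:04 gw /kernel: ipfw: 1100 Deny TCP 192.0.2.44:1202 203.0.113.90:25 out via fxp0
Mar 14 09:58:04 gw /kernel: ipfw: 1100 Deny TCP 192.0.2.44:1203 203.0.113.12:25 out via fxp0
Mar 14 09:58:09 gw /kernel: ipfw: 1100 Deny TCP 192.0.2.17:1050 203.0.113.7:25 out via fxp0
Mar 14 09:58:11 gw /kernel: ipfw: 2000 Accept TCP 192.0.2.10:1035 203.0.113.5:80 out via fxp0
Mar 14 09:58:15 gw /kernel: ipfw: 2000 Accept TCP 192.0.2.99:1400 203.0.113.7:25 out via fxp0
"""

LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>Accept|Deny) TCP "
    r"(?P<src>[\d.]+):\d+ (?P<dst>[\d.]+):(?P<dport>\d+) out via \S+"
)

def direct_smtp(log_text, relay=RELAY_IP):
    """Yield (action, rule, src, dst) for outbound port-25 traffic not sent to the relay."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m["dport"] == "25" and m["dst"] != relay:
            yield m["action"], int(m["rule"]), m["src"], m["dst"]

def blocked_by_host(log_text):
    """Denied direct-SMTP attempts per customer host: misconfigured or abusive clients."""
    return Counter(src for act, _, src, _ in direct_smtp(log_text) if act == "Deny")

def filter_leaks(log_text):
    """Accepted direct-SMTP connections: each one is a hole in the egress policy."""
    return [(rule, src, dst) for act, rule, src, dst in direct_smtp(log_text) if act == "Accept"]

def hosts_to_review(log_text, threshold=3):
    """Hosts with at least `threshold` denied attempts, busiest first."""
    return [h for h, n in blocked_by_host(log_text).most_common() if n >= threshold]

if __name__ == "__main__":
    print("blocked:", dict(blocked_by_host(SAMPLE_LOG)))
    print("review: ", hosts_to_review(SAMPLE_LOG))
    print("leaks:  ", filter_leaks(SAMPLE_LOG))
```

A single denied attempt usually means a mail client still pointed at an outside SMTP server; a burst to many destinations is the pattern worth a closer look, and any entry from `filter_leaks` points at the rule number that needs tightening.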