From owner-freebsd-security  Wed Mar 14 18:59:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cs4.cs.ait.ac.th (cs4.cs.ait.ac.th [192.41.170.16])
	by hub.freebsd.org (Postfix) with ESMTP id E6F0437B71D
	for <freebsd-security@FreeBSD.ORG>; Wed, 14 Mar 2001 18:59:24 -0800 (PST)
	(envelope-from on@cs.ait.ac.th)
Received: from banyan.cs.ait.ac.th (on@banyan.cs.ait.ac.th [192.41.170.5])
	by cs4.cs.ait.ac.th (8.9.3/8.9.3) with ESMTP id JAA03648
	for <freebsd-security@FreeBSD.ORG>; Thu, 15 Mar 2001 09:59:04 +0700 (GMT+0700)
Received: (from on@localhost)
	by banyan.cs.ait.ac.th (8.8.5/8.8.5) id JAA15200;
	Thu, 15 Mar 2001 09:59:16 +0700 (ICT)
Date: Thu, 15 Mar 2001 09:59:16 +0700 (ICT)
Message-Id: <200103150259.JAA15200@banyan.cs.ait.ac.th>
X-Authentication-Warning: banyan.cs.ait.ac.th: on set sender to on@banyan.cs.ait.ac.th using -f
From: Olivier Nicole <on@cs.ait.ac.th>
To: freebsd-security@FreeBSD.ORG
In-reply-to: <Pine.BSF.4.21.0103141119450.1452-100000@shazam.int> (message
	from Jim Durham on Wed, 14 Mar 2001 11:31:05 -0500 (EST))
Subject: Re: Sophos and Virus return mail
References:  <Pine.BSF.4.21.0103141119450.1452-100000@shazam.int>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I would like to add my couple of cents to the topic.

Actually you should check Reply-To:, From: then the From enveloppe in
that order.

And in any case copy the email to one of those guys who monitor the
ISP with open relay and publish list for banning.

Port 25 in my opinion MUST be closed, as far as it goes for individual
users. In fact it could be closed even for corporate users as one bad
corporate customer could cause the whole ISP address range to be
banned.

A centralised email exhange point is the only efficient way for an ISP
to control that their users are not doing spam.

As far as relaying, is should be open from outside to inside
(considering the frontier is the ISP email exchange) and from inside
to outside. But not from outside to outside.

To address mobile configuration, say a customer using his laptop
outside the ISP domain, relay can be set-up to open from outside to
outside, for a limited period of time (usially 10 minutes) provided
that the laptop first does a connection with POP or IMAP. The laptop
identifies as a valid user of the ISP so he is allowed to use the
ISP email gateway for a while.

Olivier

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message