[Dshield] ISP's not blocking egress 25/tcp
josh at raintreeinc.com
Fri Jan 23 20:51:48 GMT 2004
It wouldn't do much good to block
> The trouble is, everyone wants _their_ server clear, but everyone else's
> blocked (on ISP's networks, your example above).
At least an ISP should block outgoing SMTP for home users, wherever
possible. At my work we have business class service (with which comes
business class rights, such as sending out SMTP traffic and with which
*should* come business class responsibility).
> I've seen many cases where a server
> will sit around, up on a higher port, say 5550, and send from there. If
> you can confirm the source of a SPAM, take a look at the computer that
> sent it out. Many times it's a Windows-WinNT machine running a mailserver
> on a high port. I doubt a legit company is mass-sending email from a
> Windows 98 machine from port 5685 =)
It doesn't matter what port this garbage comes *from* - just if it's
going to port 25, kill it.
More information about the list