Re: [courier-users] breaking smtp, smart host spam

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Gordan Bobic wrote:
> Not any more. The number of spamming zombies that spam via the smart
> host is on the increase - and if the zombie is smart enough to use the
> smart host, it's safe to assume that it's also smart enough to use the
> authentication.

Oh, that's why you have TLS, or non-cleartext-based authentication methods. But if you have an
intelligent enough software that owned one of your client computers that can steal / hijack
authenticated sessions, then you have another problem, too: infection :P

> If malware knows how to read your mail reader config and retrieve the
> smart host, and then forges the envelope to the same domain as your
> email address, that in one fell swoop kills all RFC compliance based
> filtering (nolisting, unlisting, greylisting) and IP based blacklisting.

Sure. That's why there are system administrators that have to proactively and reactively check their
networks :) - That's called working. There is no foolproof methodology. Regarding SPAM, we are
trying to protect about INCOMING email INTO our network, not OUTGOING email OUT of our network. This
last thing is called ABUSE, which has nothing to do with standard anti-spam procedures.

> Then we'll be stuck with content-based filtering alone again, which is a
> bit too questionable a method for my liking at the moment.

I don't like content-scanning either, and don't run it. SPF, Greylisting and DNSBL is more than
enough. Thunderbird takes care of statistical spam flagging (on the client, of course).

> I'd start looking now if I were you. This has been coming for a while.

I agree.

- --
Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica
Servicios Ofrecidos: http://www.buanzo.com.ar/pro/
Unase a los Foros GNU/Buanzo - La palabra Comunidad en su maxima expresion.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHLcf4AlpOsGhXcE0RCjm2AJ46x8yKwhVBcaSdBTMa1E hx6qPo1QCfXgxW
FGle880xdxjG9jWOsEfL2hk=
=Sh+U
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users