[Lilux-help] port 25 blocking by ISPs
Patrick Kaell
sparc at kayoon.net
Thu Jul 1 23:46:56 CEST 2004
Eric Dondelinger wrote:
> I've got LuxDSL. I constantly send mail from here with other
> domains than pt.lu. mailsvr.pt.lu relays it for me - as I'm
> on the P&T network. As you know about SMTP servers, I'll just
> say "smarthost".
Now, mail coming from mailsvr.pt.lu does not need to be from a @pt.lu
address, right? It can be @sex.com and so on? Until now it was enough to
block dialup address ranges in a Black List. Now it is necessary to add
mailsvr.pt.lu to the Black List, to be protected? A worm on your PC can
send a mail to anybody using anybody's mail address using mailsvr.pt.lu.
And the worm does not need to be ultrasmart to find the hostname
mailsvr.pt.lu in the config files of your mail client.
> Of course! You're on his network, he knows who you are - the
They do not know that the mail address you are using is yours. Only the
mail provider does know this.
> moment you're dialing in! If you abuse the service, bye bye
> your account, and chances are you'll hear from the ISP's lawyers
> or at least from their billing service.
For this you don't need to block port 25. Logging would be sufficient.
You will take away the account of everybody who is infected and who
sends nonsense through mailsvr.pt.lu? At least if the worm would send
directly through port 25 to the recipient's mail server, the recipient
could block it by finding the dialup IP address in the Black List!!!
> There is no security in checking To: and From: fields (i.e. the
> mail's body). There's not even much point in checking the
> envelope From:. That's for the case of users *on the ISP's network*.
Sure. My provider's mail servers only accept mails from addresses which
exist on their server. And they are on a white list and can be trusted,
which definitely can't be said for mailsvr.pt.lu anymore!
>>Why on earth do you think that *every* mail provider (GMX, Web.de,
>>Puretec, ...) offer a SMTP service????
>
>
> Maybe so that spammers can easily open up an account, use it
> for a spam run, and forget it afterwards? It's not like GMX,
> web.de & Co do a thorough job of verifying the data you provide
> them when opening up an account...
> Using a company mailserver that way would make more sense.
No, spammers do not do this. They definitely do not use @gmx.net, etc.
sender addresses. The addresses are almost always faked, only the DNS
part exists. Spammers nowadays use infected PCs to send mails directly to
the recipient. As I understand you correctly, their infected PCs will
use mailsvr.pt.lu in the future if they have infected a PT customer,
right? (just as an example, they *will* find the hostname in the mail
client's config files, be it mailsvr.pt.lu or something else).
> Indeed, authenticated SMTP can help there - it would be a grave
> mistake for such a setup to accept plain SMTP (open relay, as it
> would be trivial to fake the domain part).
> I still don't see a point in going to an external service -
> unless your ISP's mail server is extremely unreliable, which
> would be a reason to find another ISP.
To protect Black List protected mail servers against you (see above).
> Still, normal procedure is to use the ISP's mailserver for
> outgoing mail, and access the mail provider's server through
> POP3/IMAP/whatever to retrieve your mail.
This is rather unconventional. Never heard this!
> Hmm... you said it above yourself - look at your firewall logs.
> Those logs are precisely the result of the lack of security out
> there. If ISPs did filter by default, and open up specific ports
> on demand by individual users, things would look much much better.
>
> Really, this isn't the Internet of 10 years ago. Keeping everything
> wide open for everybody would IMO be highly irresponsible. It's
> totally illusory to think just anybody could properly secure his/
> her internet access, when even way too many supposed "experts"
> manage to totally botch even simple stuff.
Totally agree!
> I know perfectly well. And every normally set up mail client
> sends their mail through the ISP's mailserver. Using other mail
> servers, even through smtp-auth, is not usual.
No, see above.
>>I have 5 years experience with mail servers, know the SMTP protocol, the
>>sendmail.cf file and already have worked for an ISP!!!
I have patched (yes I am a C programmer) gnu-pop3d to implement SMTP
after POP3 with sendmail for our customers. Nobody used the SMTP service
of the dialup provider. This was 2000-2001. So I know the scene.
Patrick Kaell
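
The following is an added example, not part of the original message or of any mail server's code. It models the three delivery paths argued over in this thread (direct to the recipient's MX, through a smarthost that relays for its whole network, through a relay that ties the envelope sender to the authenticated login) and shows which ones a dial-up Black List on the recipient side can still stop. All addresses, names and the DNSBL zone are constructed, using documentation ranges.

```python
import ipaddress

# Constructed sample data (documentation address ranges, hypothetical names).
DIALUP_BLACKLIST = [ipaddress.ip_network("192.0.2.0/24")]  # dial-up pool listed by the recipient
SMARTHOST_IP = "198.51.100.10"                              # relay address, not on the list
ACCOUNTS = {"alice": {"alice@mailprovider.example"}}        # addresses owned per authenticated login


def dnsbl_query_name(ip, zone="dialups.dnsbl.example"):
    """Name a DNSBL client looks up: reversed IPv4 octets followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def recipient_accepts(client_ip):
    """Recipient MX policy from the thread: reject only listed dial-up sources."""
    addr = ipaddress.ip_address(client_ip)
    return not any(addr in net for net in DIALUP_BLACKLIST)


def network_relay_accepts(client_ip, mail_from, customer_net="192.0.2.0/24"):
    """Smarthost relaying for anything on the ISP network; MAIL FROM is deliberately unchecked."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(customer_net)


def auth_relay_accepts(login, mail_from):
    """Relay that accepts only a MAIL FROM belonging to the authenticated login."""
    return login is not None and mail_from.lower() in ACCOUNTS.get(login, set())


def trace(client_ip, mail_from, login=None):
    """Follow one message along the three paths; True means the recipient MX accepts it."""
    return {
        "direct_to_mx": recipient_accepts(client_ip),
        "via_network_relay": network_relay_accepts(client_ip, mail_from)
                             and recipient_accepts(SMARTHOST_IP),
        "via_auth_relay": auth_relay_accepts(login, mail_from)
                          and recipient_accepts(SMARTHOST_IP),
    }


if __name__ == "__main__":
    # Infected dial-up PC, forged sender, no credentials for that address.
    print(dnsbl_query_name("192.0.2.57"))
    print(trace("192.0.2.57", "forged@elsewhere.example"))
    # Legitimate user authenticating with an address the provider knows.
    print(trace("192.0.2.57", "alice@mailprovider.example", login="alice"))
```
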