alex at nkpanama.com
Thu Jun 14 03:06:09 IST 2007
Andrew MacLachlan wrote:
>> spam zombies spewing stuff out of your network and getting you
> blacklisted. >Most spam zombies will not authenticate - therefore, the
> e-mail won't leave >your network. This, combined with a firewall policy
> that only allows port >25 traffic on your own servers can mitigate a
> spam zombie problem before it >begins.
> How many spam zombies look for a usable relay so they can deliver their
> wares? If the firewall is configured so that only the proper MTA(s) can
> send out I can't see a problem or a need for SMTP auth on private /
> managed networks...
Again, spam zombies will try to look for SMTP relays. If they find one
on the local network, they will try to use it. If it won't let them send
stuff through because authentication is needed, then the problem is
mitigated - and you'll have lines on your log that'll let you see where
the problem is.
It also makes roaming users more "transparent" since they can relay by
authenticating from anywhere.
It also gives you an additional line on your headers which can be used
to trace abuse.
The "it's more trouble than it's worth" line is the only point I see
that is really a matter of opinion; otherwise enabling AUTH is a win-win
situation, in my experience.
I don't want this to become a flame war or anything, it's just that this
topic has been covered already (search for Muhamad Nauman's
contributions on the subject), and even ISP's with thousands of users
find it helps a lot.
Maybe I shouldn't have used the term "lazy"; in retrospect I think it
might have hurt someone's feelings. For that I'm sorry. I just find it
an option too easy to implement nowadays, with too much to gain and so
little to lose. I'm responsible, directly or indirectly, for a lot of
people's mail; I only get AUTH-related support calls once or twice a
year, from a pool of a few thousand accounts at a couple of dozen
companies. My clients monitor their logs for rogue machines trying to
send out unauthenticated e-mail from their own networks and will often
spot compromised machines that way. That's the reason why I find it
trivial to implement and immensely beneficial.
> This message was scanned by ESVA and is believed to be clean.
More information about the MailScanner