Re: Firewall ain't the problem

From: /dev/rob0 (rob0gmx.co.uk)
Date: Sat Sep 25 2004 - 09:48:37 CDT


On Saturday 25 September 2004 00:22, Brian Collins wrote:
> > assume so) your ISP is blocking you. Talk to them. There's no valid
> > reason for them to block inbound SMTP -- but they are doing so.
>
> There is plenty of good reason to block inbound SMTP to

Reasons:
1. Some of them may be running vulnerable Windows servers which could
   get 0wn3d and start spewing worm mail.
2. Users cannot register their own domain names and receive their own
   mail. This keeps them dependent on their ISP address, and thus less
   likely to change ISPs when problems arise.

Those are all I can think of now. #1 is wrong. It's much more effective
to block HTTP. And that leads the ISP down the slippery slope of trying
to protect all their users from their own incompetence: it cannot be
done. I think these days that most Windows users are getting these
worms from hostile HTTP servers, in their browser! The only *partial*
answer to that is to proxy everything and to use content filtering on
the proxy!

#2 is worse than wrong, it's monopolistic abuse. Considering how some
ISPs I've seen handle their mail services <cough>Road Runner</cough>
who could blame a customer who wants to manage his/her own mail?

> CDM/modem/ADSL IPs that shouldn't be running mail servers.

Shouldn't be sending out SMTP, yes, with that I grudgingly agree,
because of the high number of Windows users who have clicked on
poisoned HTTP links, and because of spammers who might get throwaway
accounts to use in sending out tons of spam.

But why shouldn't a home user be able to receive SMTP? How does that
protect the Internet? What's wrong with home MTAs using a relayhost?

It's odd: we got into this tangent when I said there is no valid reason
for an ISP to block inbound SMTP. I still see none. Your reply insists
that "[t]here is plenty of good reason" but failed to name any such
reason. If I'm a moron about this please educate me.

> Commercial IP blocks are an exception, of course.

Sure, if the ISP is smart enough to make an exception. My boss has a
commercial DSL account which is on dynamic IP blacklists. Blacklists
won't remove it and the only people we can reach at the ISP don't
understand the problem (and won't pass it on to someone who does,
perhaps because they don't know how!)

> But it's amazing how many commercial
> organizations don't have a clue about running a mail server. "Oh,

This phenomenon goes far beyond mail servers. In fact it goes so far in
so many directions that it is the rule, not an exception, and
whilst it remains a thing of wonder (I wonder how any business is able
to get anything done without competence!), the amazement is gone.

On the contrary, I'm amazed when I find someone who knows what s/he is
doing. I've learned to be satisfied with non-destructive incompetence.
--
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header