Mailing list archives - discuss@gordano.com
Subject: Spam Update - how to relay proof your GMS server
Author: Brian S. Bergin
Date: 13-Mar-2003 17:11:52

At 09:41 13 03 03 Thursday, you wrote:

>Brian,
>Blocking port 25 will not work in the long run because especially
>broadband customers would never agree to that. And I am sure companies
>like Yahoo would very much object that access providers prevent their
>users from accessing legitimate email systems. On top it would prevent
>teleworkers from using corporate email servers. For dial-up users that might
>be a different story but when AT&T tried to block incoming port 80 so
>people could not run private webservers they lost so many customers so
>quickly. And with RBOC hurting so badly to get DSL further into the field
>I cannot see how a blocking mechanism would help their effort.

Broadband customers and others will have no choice. Several broadband companies have already done that. We have customers all over the US who are now having to 1) use their ISP's mail server, and 2) use SMTP Auth for those servers when a year ago on the same broadband connection they could use our servers. The day is coming. If every broadband ISP out there does it people will have to accept it. As they say, they cannot have their cake and eat it too. People say they're tired of spam but you say they're unwilling to work with this solution?

>Pop before smtp is not a good solution because a lot of email clients
>(Outlook for example) simply cannot do it. So you force your users to
>check for mail twice to send messages out.

Outlook works just fine, yes you have to Send/Receive "twice" after launching the app before it will send, but so what? At our customers' sites we have many users using our servers and ours has been set up this way since Gordano released JUCE. We've never had a complaint, a few inquiries, but once explained no actual complaints. Anyway, most people empty their outbox before they exit Outlook so this is not an issue for most people.

>I simply cannot understand why you guys do not use authenticated smtp.
>There has to be a mind change with admins here. If you require a password
>for someone to check their inbox and receive mail (pop) then the same
>should apply when they want to send mail out. Why is that such a problem?

What's stopping a brute force smtp auth attack? There are reports of that happening right now, as I type this. Since GMS doesn't lock out accounts after x # of bad pwd attempts, what's stopping a brute force attack? Nothing. Unless you're willing to force 15 character complicated pwds on users this won't work. And you think they complain about having to check twice before sending in Outlook? SSL doesn't stop this either. At least with POP before SMTP users will have some clue if someone else is accessing their mail. Even if someone accessed it, but left the msgs on the server, they'd still be marked as "read" when they came down. I know, we had this problem about a year ago, though it wasn't for spamming, it was a husband looking to "catch" his wife... He wasn't too smart.

Perhaps the solution is VPN. We could require that all outbound mail be sent via VPN and set up our PIX to do it. Outlook could then be set up to "dial" the VPN to send and hang up when done. I already do this from my home, but I'm not prepared to listen to all the gripes.

Gordano offers us both solutions, both work equally well and as designed, both also have drawbacks. VPN is probably the only absolute solution but I'm betting someone will come up with a way around that too not to mention the whining we'd have to hear.

Sincerely, ComCept Solutions, LLC.
Brian S. Bergin Network Systems Administrator
(828) 265-1234 http://www.comcept.net
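
The lockout "after x # of bad pwd attempts" that the message says GMS lacks, sketched as an added example that is not part of the original post and is not Gordano's code: a sliding-window counter of failed SMTP AUTH attempts keyed on both the account and the source address. The class name, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class AuthThrottle:
    """Sliding-window lockout for failed SMTP AUTH attempts (hypothetical helper)."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures    # bad passwords tolerated per window
        self.window = window                # seconds over which failures are counted
        self.lockout = lockout              # seconds a locked key stays refused
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.locked_until = {}              # key -> time the lock expires

    @staticmethod
    def _keys(account, ip):
        # Count per account (one mailbox guessed from many hosts) and per
        # source address (one host trying many mailboxes).
        return (("acct", account.lower()), ("ip", ip))

    def attempt(self, account, ip, password_ok, now):
        """Return 'accept', 'reject' or 'locked' for one AUTH attempt."""
        keys = self._keys(account, ip)
        if any(self.locked_until.get(k, 0) > now for k in keys):
            return "locked"  # refused even if the password is right
        if password_ok:
            self.failures.pop(keys[0], None)  # reset the account counter only
            return "accept"
        for key in keys:
            q = self.failures[key]
            q.append(now)
            while q and q[0] <= now - self.window:  # drop failures outside the window
                q.popleft()
            if len(q) >= self.max_failures:
                self.locked_until[key] = now + self.lockout
                q.clear()
        return "reject"

# Constructed sample: (seconds, account, source address, password correct?)
EVENTS = [(t, "alice", "198.51.100.7", False) for t in (0, 10, 20, 30, 40)] + [
    (50, "alice", "198.51.100.7", True),   # correct guess, but already locked
    (60, "alice", "192.0.2.10", True),     # real user is locked out as well
    (70, "bob", "192.0.2.20", False),      # ordinary typo
    (80, "bob", "192.0.2.20", True),
    (1000, "alice", "192.0.2.10", True),   # lock set at t=40 expired at t=940
]

def replay(events, throttle=None):
    throttle = throttle or AuthThrottle()
    return [throttle.attempt(acct, ip, ok, t) for t, acct, ip, ok in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)):
        print(event, "->", verdict)
```

The event at t=60 shows the cost of locking on the account name: the legitimate user is refused for the lockout period too, which is why the source-address key is tracked separately and can be the only one enforced.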