
Re: Finding a replacement for my ISP's smtp server



On 7/31/2014 10:37 AM, Brian wrote:
> On Mon 28 Jul 2014 at 22:12:09 +0100, Joe wrote:
> 
>> On Mon, 28 Jul 2014 18:16:23 +0100
>> Brian <ad44@cityscape.co.uk> wrote:
>>
>>> Port 25 then becomes used only for incoming messages to be sent to
>>> domains the server is responsible for? If so, that doesn't appear any
>>> different from the present situation. For relaying a login is
>>> perfectly understandable, but it can be done on port 25 too. What
>>> makes port 587 necessary?
>>
>> Simply to provide a standard port on which authentication is expected
>> and used, leaving 25 for unauthenticated mail. An email sent to an
>> arbitrary address will be unauthenticated, because none of us have
>> authentication credentials for all the world's mail servers.
>> Unauthenticated mail will be delivered only *to* the domains the
>> receiving server is authoritative for, or relayed *to* anywhere, but
>> only *from* domains which are explicitly configured in the server. I
>> think the very basic Debian setup of exim4 allows the entry of such
>> permitted relaying domains, and certainly the full configuration file(s)
>> does so.
> 
> Thanks. Due to your post and speed reading an RFC or two I think I now
> have a better understanding of what the IETF's intentions are. They do
> not include encouraging the blocking of outbound port 25. However, in an
> earlier mail
> 
>   https://lists.debian.org/debian-user/2014/07/msg01614.html
> 
> I said
> 
>    You have to authenticate yourself when you join your ISP's network.
>    No further authentication is needed to use their SMTP server; you
>    are a trusted user so TLS is therefore not required.
> 
> This is incorrect. I was working off my experience of my ISP's network
> and my own. It may not be needed but an ISP can require authentication
> to send mail in spite of knowing a machine is legitimately on its
> network. 
> 
> The reason for doing it given is generally along the lines of:
> 
>    Much of the current use of port 25 is by computers that have been
>    infected by malware and are sending spam without the knowledge of
>    the users of those computers. Port 587 improves security through
>    the use of required authentication and recommended TLS/SSL
>    encryption. 
> 
> What I do not understand is what prevents the malware (assuming it can
> significantly control the machine) from using the same authentication to
> send spam as before. Isn't this back to square 1?
> 
> 

Nothing, if the malware can get the userid and password.  However, to do
so you have to store the information on your machine.  Additionally, the
malware has to know which MUA you're using (to figure out where the
userid and password are stored), and if your MUA has encrypted the
information, how to decrypt it.

Not impossible, by any means.  But much harder than just sending over
port 25, which requires none of the above.

Jerry
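
Added example, not part of the original thread: a defender-side check that follows from the point above, namely that direct sending over port 25 needs no credentials, so a client fanning out to many mail servers on port 25 stands out from one using the ISP's relay or authenticated port 587. The log format, the addresses (documentation ranges), the relay address and the threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: "time src_ip dst_ip dst_port" (format is an assumption).
SAMPLE_LOG = """\
10:00:01 192.0.2.10 198.51.100.5 587
10:00:02 192.0.2.11 203.0.113.21 25
10:00:02 192.0.2.11 203.0.113.22 25
10:00:03 192.0.2.11 203.0.113.23 25
10:00:04 192.0.2.12 198.51.100.5 25
10:00:05 192.0.2.11 203.0.113.24 25
10:00:06 192.0.2.10 198.51.100.5 587
malformed line
10:00:07 192.0.2.13 203.0.113.30 25
"""

ISP_RELAYS = {"198.51.100.5"}   # hypothetical ISP smarthost address
THRESHOLD = 3                   # distinct direct port-25 destinations before flagging


def direct_smtp_destinations(log_text, relays=ISP_RELAYS):
    """Map each client to the set of non-relay hosts it contacted on port 25."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip lines that do not match the assumed format
        _, src, dst, port = fields
        # Submission on 587 is authenticated and traffic to the ISP relay is
        # the expected path, so only direct port-25 connections are counted.
        if int(port) == 25 and dst not in relays:
            seen[src].add(dst)
    return dict(seen)


def suspect_clients(log_text, threshold=THRESHOLD):
    """Clients contacting many mail servers directly, as a spam bot would."""
    dests = direct_smtp_destinations(log_text)
    return sorted(src for src, d in dests.items() if len(d) >= threshold)


if __name__ == "__main__":
    for client in suspect_clients(SAMPLE_LOG):
        print("review:", client)
```

A single direct connection (192.0.2.13 in the sample) stays below the threshold, since a user running their own MTA looks the same at this level; the threshold needs tuning against real traffic.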

