
Re: Finding a replacement for my ISP's smtp server



On Thu 31 Jul 2014 at 17:37:21 +0100, Joe wrote:

> On Thu, 31 Jul 2014 15:37:31 +0100
> Brian <ad44@cityscape.co.uk> wrote:
> 
> > What I do not understand is what prevents the malware (assuming it can
> > significantly control the machine) from using the same authentication to
> > send spam as before. Isn't this back to square 1?
> 
> I would assume it can, if it operates your email client under your
> credentials. But this may well leave traces, when you find sent mail
> that you definitely know you didn't send, or alien names added to your
> address book, that the malware has failed to erase properly. It is

If a user notices these traces, all well and good; he can do something
about it. If he doesn't notice, his machine will continue to churn out
spam, irrespective of what port is being used.

> probably difficult for malware to pick security stuff out of the
> Registry without making a valid logon. Microsoft may be rubbish at
> general security, but these days it has to meet fairly strict standards
> for email confidentiality if it wants corporate US clients,
> particularly medical and legal ones. The preference is for malware to
> use a primitive SMTP engine which is entirely separate from the
> compromised system's email.

I didn't know that. I don't envisage such an engine on my system but if
it could read /etc/exim4/passwd.client (a plaintext file) it's in
business.
 
> Also, probably more important, your mail hosting company may well spot
> the spam going through their own mail server, whereas they are probably
> less likely to spot outgoing spam just passing through their routers,
> along with hundreds of torrent feeds... I'm sure the ISPs will be
> required to monitor and analyse all traffic in and out of their
> customers' systems one day, but I doubt that they're looking forward to
> it.

I can well understand any decent ISP monitoring port 25 traffic through
its network. Those who block port 25 may eventually come up with before
and after statistics but somehow I doubt it; commercial confidentiality
and all that.
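
The message above points out that /etc/exim4/passwd.client is a plaintext file, so file permissions are what keep the stored password away from other local accounts. The following is an added example, not part of the original post: a shell check of those permissions, which assumes the Debian layout of root:Debian-exim ownership with mode 0640 and uses a hypothetical function name, audit_cred_file.

```shell
#!/bin/sh
# Added example: audit the file protecting a plaintext smarthost credential.
# Assumption: Debian layout, file expected as root:Debian-exim, mode 0640.
# Needs GNU stat (coreutils), as shipped on Debian.

# audit_cred_file FILE [OWNER] [GROUP]
# Returns 0 if the file is acceptably protected, 1 on a finding, 2 if absent.
audit_cred_file() {
    file=$1
    want_owner=${2:-root}
    want_group=${3:-Debian-exim}
    bad=0

    [ -e "$file" ] || { echo "MISSING  $file"; return 2; }

    # %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$file")
    mode=$1 owner=$2 group=$3

    # Any bit set for "other" means every local account can reach the file.
    if [ $((0$mode & 07)) -ne 0 ]; then
        echo "FAIL     $file mode $mode grants access to all local users"; bad=1
    fi
    # Group members only need to read the file, never to write it.
    if [ $((0$mode & 020)) -ne 0 ]; then
        echo "FAIL     $file mode $mode is group-writable"; bad=1
    fi
    [ "$owner" = "$want_owner" ] || { echo "FAIL     owner is $owner, expected $want_owner"; bad=1; }
    [ "$group" = "$want_group" ] || { echo "FAIL     group is $group, expected $want_group"; bad=1; }

    [ "$bad" -eq 0 ] && echo "OK       $file $mode $owner:$group"
    return "$bad"
}

# Demo on a constructed file (placeholder text, not a real credential).
demo=$(mktemp -d)
printf '%s\n' 'smtp.example.net:login:PLACEHOLDER' > "$demo/passwd.client"
chmod 644 "$demo/passwd.client"
audit_cred_file "$demo/passwd.client" \
    "$(stat -c %U "$demo/passwd.client")" "$(stat -c %G "$demo/passwd.client")" \
    || echo "finding reported, as expected for mode 644"
rm -rf "$demo"
```

On a real system, run `audit_cred_file /etc/exim4/passwd.client` as root. A pass only shows that unprivileged local accounts cannot read the file; a process running as root or in the Debian-exim group still can.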

