 nixenRockin' the BoxenPremium
join:2002-10-04
Alexandria, VA | reply to cowboy
Re: Deal with it..... said by cowboy:
Having to swap ports is assinine and a knee-jerk responce - I don't see that it has to this point made much, if any, difference in the amount of spam/viruses that make it through my ISP to be caught by my filters.
Granted, by itself, port switching won't buy you anything. You need a more top to bottom approach. Basically one where the only traffic transiting port 25 comes from hosts that are reverse MX'ed (i.e., pretty much just valid SMTP server to SMTP server traffic). Non server-to-server SMTP traffic would/should be relegated to an alternate port. Access to that port should only be by way of authenticated logins (in a very ideal world, logins that used OTP).
Granted, the MUA's would have to be written such that authentication credentials couldn't just be lifted out of them by means of a virus. But, even if a virus did compromise the authentication, the audit trail would still be there, allowing an infected system to be more quickly taken off the air than is currently the case.
-tom
--
"There are 10 types of people in the world... those who understand binary and those who don't."
"That's only 2 types of people, moron" |
