Re: [RBL] Current status?



David J Dachtera wrote:
"John E. Malmberg" wrote:

A corporate firewall should be detecting and setting off security alarms
when a non-mail server attempts to make a direct SMTP connection through it.

...and therein lies the rub: too many vendor-managed proprietary
(non-Windows) systems where the vendor is unwilling to "play by the
house rules".

If the system is supposed to send e-mail, then it can be let through the firewall.

If it is not supposed to send e-mail, and it attempts to, don't you think someone should find out why?

Another technique to use is a Samba Server configured to look like a
vulnerable PC to see what systems attempt to infect it.

And Corporate/Educational network owners should consider being
suspicious of any outgoing e-mail with reply-to addresses for any of the
free/demo e-mailers:

hotmail.com, live.com, live.ca, live.co.uk, live.*

aol.com, games.com, aim.com, aol.*

voila.fr, myway.com, gazeta.pl

yahoo.com, rocketmail.com, ymail.com, yahoo.*

gmail.com, googlemail.com

Note: "should consider being suspicious of", but should not block
arbitrarily.

It depends what is more important to the business:

Delivery of personal e-mails to non-business addresses through the business's e-mail servers/firewalls or the delivery of messages/pages that are critical to the business.

Or if it is important for the business to know if criminals have access to private business and personal records.

-John
Personal Opinion Only
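
The Reply-To check described in the message above, as an added example that is not part of the original post: it flags outgoing mail whose Reply-To points at one of the listed free mailers and only reports it, without blocking. The function names, the `corp.example` addresses and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses
from fnmatch import fnmatchcase

# Domains taken from the list in the message; entries such as "live.*"
# are treated as shell-style wildcards.
FREEMAIL_PATTERNS = [
    "hotmail.com", "live.com", "live.ca", "live.co.uk", "live.*",
    "aol.com", "games.com", "aim.com", "aol.*",
    "voila.fr", "myway.com", "gazeta.pl",
    "yahoo.com", "rocketmail.com", "ymail.com", "yahoo.*",
    "gmail.com", "googlemail.com",
]

def is_freemail(domain):
    """True when the domain matches one of the free-mailer patterns."""
    domain = domain.lower().rstrip(".")
    return any(fnmatchcase(domain, pat) for pat in FREEMAIL_PATTERNS)

def suspicious_reply_to(raw_message):
    """Return Reply-To addresses at free mailers, for review rather than blocking."""
    msg = message_from_string(raw_message)
    flagged = []
    for _name, addr in getaddresses(msg.get_all("Reply-To", [])):
        if is_freemail(addr.rpartition("@")[2]):
            flagged.append(addr)
    return flagged

# Constructed sample: business sender, replies diverted to a free mailer.
SAMPLE_FLAGGED = """\
From: Accounts Payable <ap@corp.example>
To: customer@partner.example
Reply-To: "Accounts Payable" <ap.corp.example@yahoo.co.uk>
Subject: Updated remittance details

Please use the new account details below.
"""

# Constructed sample: Reply-To stays inside the business domain.
SAMPLE_CLEAN = """\
From: Support <support@corp.example>
To: customer@partner.example
Reply-To: support@corp.example
Subject: Ticket update

Your ticket has been updated.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_FLAGGED, SAMPLE_CLEAN):
        print(suspicious_reply_to(sample) or "nothing to review")
```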


