Re: Current status?



John Santos wrote:
Bill Gunshannon wrote:
In article <A4-dnZKGduU09FjVnZ2dnUVZ_sjinZ2d@xxxxxxxxxxx>,
"Richard B. Gilbert" <rgilbert88@xxxxxxxxxxx> writes:

Bill Gunshannon wrote:

In article <zYmdnV7yroyp3VjVnZ2dnUVZ_v_inZ2d@xxxxxxxxxxx>,
"Richard B. Gilbert" <rgilbert88@xxxxxxxxxxx> writes:

Bill Gunshannon wrote:

In article <KKadnb_N_b8StljVnZ2dnUVZ_vKdnZ2d@xxxxxxxxxxx>,
"Richard B. Gilbert" <rgilbert88@xxxxxxxxxxx> writes:

Bill Gunshannon wrote:

In article <g9r0lf$g15$1@xxxxxxxxxxxxxxxxx>,
david20@xxxxxxxxxxxxxxxx writes:

In article <7h%vk.609$393.335@trnddc05>, John Santos <john@xxxxxxx> writes:

Bill Gunshannon wrote:

In article <g9pl82$lh7$4@xxxxxxxxx>,
helbig@xxxxxxxxxxxxxxxxxxxxxxxx (Phillip Helbig---remove CLOTHES to reply) writes:


In article <t_Wvk.2076$U5.1028@xxxxxxxxxxxxxxx>,
Jan-Erik Söderholm <jan-erik.soderholm@xxxxxxxxx>
writes:


Yup. I think that many of the problems arise because MUAs use the same
protocol (SMTP) and port (25) to send mail to MTAs as MTAs use to relay
mail to each other.

Modern MTAs can be configured to allow mail clients to submit mail to them on the mail submission port (port 587) rather than port 25. See RFC 2476 http://www.faqs.org/rfcs/rfc2476.html

What does this buy you? You would still need to know who your MTA is
and it would still need to be willing to accept email from you. It is
all the silly little notification apps that were brought up here as
justification for allowing anybody to use port 25. They have no built-in
method of authenticating so the port number used changes nothing. I
certainly would not accept email on my MTA from someone on port 587 that
I would not also accept on port 25. The purpose of port 587 and RFC
2476 is not to control SPAM; it is to make sure outgoing email meets
the proper formatting requirements of the other RFCs.


On the other hand MTAs talk to MUAs (when delivering
mail) using either of 2 different protocols (that I know of), POP3 on
port 110 and IMAP on port 143. (I don't think anything does POP2 on
port 109 any more.)

Logically there are three parties involved not two.
MTA, MUA and Message store.

Not sure what you make as different with "Message store". Unless you
are separating the guy MTA from the machine that runs POP or IMAP.
I don't see that as necessarily being a separate Email function although
it is possible and may even have some utility on a big enough system.


The MTA delivers mail to another MTA or to a message store.
The MUA originates mail and sends it to a MTA.
Mail clients generally incorporate the above MUA functionality together with
the ability to display and manipulate mail in the message store.

POP and IMAP are protocols used to access and manipulate the message store.
They are NOT used to deliver mail to the message store.

Agreed, but the "Message Store" is not necessarily even a part of the
Email system and I don't believe it has ever been considered by IETF.
I have users who use NFS to read their email. Does that make NFS an
Email Protocol, too? And, of course, Message Store is also irrelevant
to the problem of how to get the email system to be more immune to SPAM.


Note.

The SMTP servers which come with the TCPIP stacks (TCPWARE, MULTINET or TCPIP
SERVICES/UCX) are NOT fully fledged modern MTAs. For that you would need either
PMDF or MX.
(
PMDF is a commercial product but is available free for hobbyist use. MX is now an open-source free product; see
http://www.madgoat.com/
However I'm not aware of anyone currently continuing development of MX.
)


Maybe so, but if people played by the rules, basic SMTP is more than adequate
to the task. If ISP's blocked port 25 for all machines in their domain other
than their MTA I would need to filter incoming ports on my end. And RBL's
would rapidly become redundant.

Sadly, we are forced to spend a lot of time, effort and technology trying
to, once again, solve a social problem. A social solution would work a
lot better.

Perhaps it would. But where would you get a "social solution"? How would you implement it? How would you deal with the anti-social creeps who "zombie" a PC or two or twenty and use them to pump spam into the net? Hint: you will NEVER get the liberals to agree to the death penalty! Hell, you can even spank a misbehaving child any longer!

Like I said, I have been over this a half-dozen times already. All that
is needed already exists. It takes only administrative changes (which is
why I said it would require more effort on the part of admins). If you
are truly interested, email me and I will explain it to you. Or, if
others actually express interest I will post it here again. But I
expect most here are not in the least bit interested.

bill


My ISP has a spam filter effective enough that spam is not a problem for me! I get the occasional "401 scam" but that's about all.

And how many messages have you not received because of their SPAM filter?
False Positives are at least as bad a problem as False Negatives. And for
a business, they can be worse.


If I did not receive a message, it's unlikely that I would be aware of it except if it came from family or friends and they inquired if I had received it or complained about my failure to reply.


Which is the point of the question. Aggressive SPAM filtering sounds nice,
but how do you know the rate of False Positives? Answer: you don't.


I do get mail from PC Connection, CDW, HP, Amazon, and a few other commercial enterprises that I have some kind of relationship with. I don't consider it spam and don't complain about it.


Yes, but have you ever sent an email to a company and not received
an expected answer? I know people who complained regularly that their
emails to Mentec were ignored. But the fact is, you don't know if they
ever arrived in the first place. How many businesses can afford to just
blow off customers because of aggressive SPAM filtering?


Comcast does seem to block 99.9+% of the people selling penis enlargers, nude photographs, drugs without prescription, etc.


While willingly supporting a network infrastructure that inundates the
INTERNET with that garbage even though it is bad engineering at best
and deliberate at worst.


And, before you sing the praises of Comcast...... I just looked at my
logs and I have several hundred rejected connections from Comcast addresses
and that is just since midnight.

My router blocks any and all connections that did not originate from my home network. If I check the router's logs, something I may do once or twice a year, there is somebody attempting a connection every fifteen to twenty seconds, twenty-four hours a day. Should I wish to receive incoming connections, I believe that I can configure it to allow specific originating addresses and ports but I can't think of any reason why I should want to. That box only cost me about $80 US and it has paid for itself several times over!


Is this your home router? If it is, your ISP should never allow you
to even see them. That's what their firewall is for. Basically, you
are paying for the infrastructure that provides the needed bandwidth
for all this garbage. (Yes, even connection requests that get rejected
consume bandwidth and CPU time that could be better spent doing real
work!) Of course, if it's your business LAN then that's what your
firewall is supposed to do. Now, if we could just get a lot of other
people, Comcast among them, to do this, SPAM would just go away!!

bill

Even if an ISP blocks external port 25 (which their customers would
probably complain about if they are running their own inbound mail
servers, or just on principle :-), do any implement internal firewalls
that block one customer from trying to access another? For Comcast
in particular, if I understand it correctly, each neighborhood is a
LAN on a virtual ethernet running on their cable, so there is not
even a router between you and the guy down the street. The only
place they could put a firewall is on the cable converter box that
converts the cable signal to ethernet in your house (the box commonly
called a "cable modem", though I don't think it is really a modem.)
They could *also* firewall port 25 at their boundaries with other
ISPs and backbone providers, but that in itself would be
insufficient. (They might want to do it anyway to reduce their
internal traffic.)

I'm on Verizon FIOS at home and I know the FIOS converter box
is a router and does NAT and some level of filtering, so inbound
port 25 traffic wouldn't make it to my LAN (or single computer
if that was all I had) unless I actively reconfigure it to pass
port 25 to a designated host (the default is "block"), but I
don't know if the same applies to Comcast cable modems. (FIOS

The Comcast cable modem is only a modem! It has no blocking or filtering capabilities that I know of.

I run a Linksys BEFR81 router/switch that blocks ALL incoming traffic that is not a response to a request from a machine on my local network. The log makes impressive reading!

<snip>