Jerry wrote:
> On Thu, 25 Feb 2010 16:40:13 -0500
> Bowie Bailey <bowie_bai...@buc.com> articulated:
>
>> Abide by what edict? Email marked as containing a virus is simply
>> rejected. If a spammer or bot wishes to send out viruses from my
>> network, they'll have to bypass my MTA to do it, which is more
>> difficult since very few machines on my network have permission to
>> send out via port 25.
>
> You should be using SMTP Authentication, irregardless of what port is
> being accessed which would stop virtually all unauthorized
> transmissions. If you don't know how to do that, ask or Google it. I am
> really interested in how a Spammer is getting access to your network to
> begin with. It sounds like your network is anything but secure.

So it's not possible for some innocent, clueless user to give up their
password to a phishing scam? It's not possible for a new virus not
detected by anyone's AV yet to capture a user's password as they enter it?
Some popular mail clients *still* have poor or incomplete support for
TLS and SMTP AUTH... and that's the *current* version of said clients.
(I think Outlook finally supports TLS/AUTH on port 587 as of the
last version or two; it didn't for quite a long time.) We still have
to allow IPs within our ARIN-assigned IP space to relay through our
server for these customers.
If I cared to dig, I could probably come up with a list as long as my
arm of user accounts whose password has been compromised through no
fault of *our* security, but due to social engineering attacks or
malicious software that slipped in somewhere long enough to capture a
password or two.
Have you ever tried to handhold a (very) senior citizen who's a complete
computer newbie, and has a hearing problem, through setting up an email
account, over the phone? Have you ever had to *troubleshoot* an email
problem with someone like that?
I'll admit the setup side is much less of a problem in most corporate
environments... at least, those with their own in-house IT staff. Many
smaller businesses don't *have* an IT staff; they have someone they
call periodically (often after something has been wrong for days to
weeks).... often the support staff at the ISP is their first call. But
*exactly* the same social-engineering and password-capture attacks work
on corporate PCs and accounts as on ISP accounts.
-kgd
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml