John Rudd wrote:
> 1) Some viruses already know they can put their outbound messages into the Outlook outbound folder.
>
> 2) Viruses can/will adapt by figuring out how to leverage stored SMTP-AUTH configurations. They can probably pick 3 or 4 implementations to target (Outlook, Thunderbird, Mail, and Eudora) and still be incredibly effective.

Agreed on these two points, but...

> 3) This doesn't stop a virus on a laptop from still hitting port 25 on your server, or on other people's servers, when they are roaming away from your controlled networks.

This is the equivalent of saying it won't help to close your own open relay because a spammer/virus can always just use someone else's.

> 4) And then there's all of those mail servers that run on port 2525 to get around these kinds of restrictions. And if you block 2525, they'll find a new one to use.

Um... so? If someone tries to send out spam or a virus on port 2525, who are they going to reach? How many potential victims are *listening* on port 2525? Somewhere along the line they're going to have to get to a friendly/pwned relay that will send out on port 25. Anything up to that point is just shuffling things around inside the botnet.

--
Kelson Vibber
SpeedGate Communications <www.speed.net>
