John Rudd wrote:
> 1) Some viruses already know they can put their outbound messages into
> the Outlook outbound folder.
> 2) Viruses can/will adapt by figuring out how to leverage stored
> SMTP-AUTH configurations. They can probably pick 3 or 4 implementations
> to target (Outlook, Thunderbird, Mail, and Eudora) and still be
> incredibly effective.

Agreed on these two points, but...

> 3) This doesn't stop a virus on a laptop from still hitting port 25 on
> your server, or on other people's servers, when they are roaming away
> from your controlled networks.

This is the equivalent of saying it won't help to close your own open
relay because a spammer/virus can always just use someone else's.

> 4) And then there's all of those mail servers that run on port 2525 to
> get around these kinds of restrictions. And if you block 2525, they'll
> find a new one to use.

Um... so? If someone tries to send out spam or a virus on port 2525,
who are they going to reach? How many potential victims are *listening*
on port 2525? Somewhere along the line they're going to have to get to
a friendly/pwned relay that will send out on port 25. Anything up to
that point is just shuffling things around inside the botnet.

--
Kelson Vibber
SpeedGate Communications <www.speed.net>