LeaChe

back to http://scratchpad.wikia.com/wiki/Sasecurity

Leechtest command
LeechTest

adfasf
I made the switch over a short period in my ISP --- enabled authentication on my mailserver, both 25 and 587 and told my customers it was mandatory if they wanted their mail forwarded. Then 2 months later closed off 25 connexions to off-net for everything except my designated relays, I had already turned off unauthenticated relay (you've done this already too) so the only issue was connecting to off-net relays, and malware.

I didn't redirect 25 to my servers though, as some do. I think that's immoral in the same level as password snatching. Blocking 25 is now fairly standard practice amoungst consumer ISPs (and as mesh providers that's the  space we're playing in) it is view as good anti-spam practice.

587 is only an issue with my customers who buy DSL elsewhere. 587 means they can legitimately send with their own domain without running into SPF problems.

You (Kenny)'ve already got your own, but anyone on this list is free to use my mail set-up faq http://faq.oa5.com (provided you tell me of errors or  even better, fix them: consider it creative commons licence)

connect got gets pesky of
 * Our server requires authentication for outgoing as well.
 * I've considered changing this up just as you've described, but
 * unfortunately many of my clients are computer illiterate. When we
 * unfortunately many of my clients are computer illiterate. When we
 * them to the internet, we set everything up before we leave. I've even
 * instructions on our website (with pictures!), and everytime someone
 * a new computer I still have to visit them to set up email!!
 * If I changed it over to port 587, it would have shut both of these
 * If I changed it over to port 587, it would have shut both of these
 * bugs down - but doing so now would not be practical with the number
 * people this would affect. Thanks for the suggestion though.
 * Hindsight is always 20/20 :)
 * Hindsight is always 20/20 :)

BLOCK PORT 25
I made the switch over a short period in my ISP --- enabled authentication on my mailserver, both 25 and 587 and told my customers it was mandatory if they wanted their mail forwarded. Then 2 months later closed off 25 connexions to off-net for everything except my designated relays, I had already turned off unauthenticated relay (you've done this already too) so the only issue was connecting to off-net relays, and malware.

I didn't redirect 25 to my servers though, as some do. I think that's immoral in the same level as password snatching. Blocking 25 is now fairly standard practice amoungst consumer ISPs (and as mesh providers that's the  space we're playing in) it is view as good anti-spam practice.

587 is only an issue with my customers who buy DSL elsewhere. 587 means they can legitimately send with their own domain without running into SPF problems.

You (Kenny)'ve already got your own, but anyone on this list is free to use my mail set-up faq http://faq.oa5.com (provided you tell me of errors or  even better, fix them: consider it creative commons licence)

Andrew

--On Monday, May 16, 2005 10:08:54 -0500 Kenny Bain  wrote:

connect got gets pesky of
 * Our server requires authentication for outgoing as well.
 * I've considered changing this up just as you've described, but
 * unfortunately many of my clients are computer illiterate. When we
 * unfortunately many of my clients are computer illiterate. When we
 * them to the internet, we set everything up before we leave. I've even
 * instructions on our website (with pictures!), and everytime someone
 * a new computer I still have to visit them to set up email!!
 * If I changed it over to port 587, it would have shut both of these
 * If I changed it over to port 587, it would have shut both of these
 * bugs down - but doing so now would not be practical with the number
 * people this would affect. Thanks for the suggestion though.
 * Hindsight is always 20/20 :)
 * Hindsight is always 20/20 :)