Linux-friendly ISPs?
Kenneth Porter
shiva at sewingwitch.com
Sat Aug 28 14:39:10 UTC 2004
--On Friday, August 27, 2004 9:14 PM -0400 Sam Varshavchik
<mrsam at courier-mta.com> wrote:
> But not before the ISP's customer smarthosts get blacklisted.
>
> Which is why they block inbound port 25 in the first place.
The ideal solution is to block all low ports < 1024 by default, and open
them selectively by request (no questions asked, no support provided) using
a web page. People competent enough to find the authorizing web page are
less likely to run open relays (not just SMTP, but other proxies as well).
And zombies would be instantly stopped.
Speakeasy's TOS allows servers, but would still benefit from such a "bozo
filter".
ISP's should also be performing ingress and egress filtering by address, to
block spoofed source addresses.
More information about the fedora-list
mailing list