Re: Getting open smtp servers fixed
Date: Fri, 11 Sep 98 16:22:56 +0100 (BST)

Gunnar Lindberg writes:
> Sorry to be negative - if there were simple, solutions...
>
> >c) filter out all port 25 tcp connections from dialup...
>
> First of all I dislike the idea since it violates the end-to-end
> principle that once made the Internet Be The Internet. Possibly I
> could be talked/forced into changing my mind (i.e. ISPs do as
> always, ignore negative comments), b u t:

Well, mail isn't really end to end in that sense anyway: with many of
our customers your mail will hit our own store and forward system
first and wait until they dial up before being delivered to them.
Similarly our dialup customers send mail via our permanently connected
mail relays anyway, since that way they don't have to stay dialed up
longer than is necessary if they get a very slow connection to a
distant host.

> Assume for a second that I do use dialup and IPsec... Encrypted
> packets, not even TCP header is readable. Oooops. And no ISP can
> refuse me the right to make my IP secure???

Does IPsec require both endpoints to know about each other in advance?
I'm embarrassingly short of knowledge of IPsec.

As the receiver (rather than the sender) in this scenario I can refuse
to accept mail sent from unknown hosts over encrypted connections, and
insist that anyone who wants to send me mail securely use PGP or
similar.

But maybe that's not enough for some applications.

ttfn/rjk