CNN-HN reported in the last week that a large brokerage firm (Morgan Stanley? Strong? Someone...) did a monetary survey and found that 1 in 132 Americans is a millionaire. However, there are only 30,000 people in the world with a net worth of more than $30 million. CNN-HN didn't disclose how much total money was in the world, though, so it's hard to make a definitive guess if the majority of the total is in the median or in the upper echelon.
I personally suspect that as one moves up that list of 30,000 the numbers become larger and larger. The 95%/5% split may even be an optimistic view compared with reality.
This means that there is no algorithmic way to transform recursive functions into iterative ones, and any substitution must be based upon matching of patterns pre-coded into the compiler
I agree. I came across a similar concept in a Number Theory course. Consider a set of numbers where the member n is derived from a function of n-1. In many cases it is desirable to have an absolute equation where F(n) directly computes any member without knowing the member before it. We found that there were useful techniques in converting one system to the other but there was no tried and true stepwise method which could reliably generate an absolute function from a sequential function.
And then there's always the set of prime numbers which doesn't have any currently describable function, sequential, absolute, or otherwise.
Back in '93 I was taking my computer (paid for with my money) off to college. After a few months my parents went through the newspaper to buy another computer (paid for with their money) for my younger brother. They bought a used system which had a good price tag and came with lots of software on poorly labelled 3.5" disks. I was in college in another state and couldn't go along with them to judge the character of the person that they made the purchase from. When I came back at Christmas I looked through the software that he got with his system and said, "I really wouldn't trust any of this stuff. Stick with the software which we've legitimately bought." I think they thought that I was jealous of the amount of software which he got with his system because they pooh-poohed me off. To be fair I used quite a bit of warez'd software myself at the time--but it always came from sources that I trusted. I never used warez'd software that came with a system that I bought from some nobody out of the newspaper.
At Christmas my younger brother got shloads of new software, really cool games. He got things like Street Fighter, and Test Drive 2 (or 3), and three or four others. Really good stuff. My brother had two 3.5" drives and I hardware locked one of them (it had a DIP switch) so that it was read-only. Before I left I told him specifically, "When you play those brand new games that you got for Christmas be sure to use them only on _this_ drive which I locked so that it doesn't write." I didn't trust all of that warez'd software that came with his system.
When I came back for spring break every single one of his brand new games was dead in the water. Not a single one would boot. He was crestfallen and I was _very_ unhappy. I hated to see him that disappointed especially since he had gotten some of the coolest games on the planet. I ran a virus checker on the disks and every one of them had a boot sector virus. I don't remember what the name was. Since all of the 3.5" floppy games back then had custom boot sectors I couldn't rescue a single one of them. I don't know if he disregarded my warning about the warez'd software, or if he flipped the DIP switch back on the 3.5" drive, or if he didn't pay heed and carelessly used both 3.5" drives (many of the games had up to 5 disks). Whatever it was his brand new games were hosed.
6 years later I was between jobs and back living at home. My younger brother put NetBus on my machine as if it were a joke. Either he didn't learn the lesson of the damage of that sort of crap or else he felt like he needed to take revenge on someone for losing all that software. We haven't exchanged more than a dozen words in the 4 years since then.
I really liked that kid... sigh
HAHAHAHA! You beat me to it. I was going to say the same thing. :)
Your "yes" case sounds like more of a job than I'd like to have
Until performance review time comes around and the bean counters demand an explanation for every 30 second delay or every tiny inconsistency.
2) He thinks that security is a yes/no option. Security is nothing like that. If someone were to be honest with him, and tell him that nothing is truly secure and it's all trade-offs, and then explain the trade-offs of their particular product, I'm sure he would have thought they were weaseling, when in fact they were telling the truth.
AMEN!
It's a problem that I run into quite often and not just with security. When you come to understand a topic intimately enough you learn that there is very little in the world that's a yes/no option. Everything requires a level of expertise and must be tailored to the specific task at hand. The issue is that the people requesting the services don't know, don't have time to learn, and don't want to learn. They want the yes/no answer to keep their life easy. If you're the person attempting to sell your services in order to keep food on the plate, however, you're faced with a dilemma: Say "yes" and possibly get mired in a situation which is impossible (secure a network full of users who are actively trying to break the network), or say "no" and don't get the job.
The author of the exploit, if you bothered to RTFA, said he only found it because he came across a web site which was using it.
Boo-yah!
Oh Yeah? How about that newest vuln. in MS IE which relies on an exploit in their help system which they've known about since AUGUST of '03?!
Does that count as "as soon as possible"? It also defeats the myth that 0-day exploits don't exist.
Of course not. Typically the "cease, desist, and KEEP YOUR MOUTH SHUT" letter is plenty good enough.
Now that you really plug for it, though, wasn't there a guy in France who was on the run for publishing exploits in common Anti-Virus software? Slashdot even had a story about him. I tried googling, but "France antivirus vulnerability author" doesn't quite match the pages that I wanted.
Googling for "framed because proprietary software companies are opportunistic pigs" doesn't quite get it either.
If they had relays elsewhere, spammers would use them already
You don't pay attention to your spam, do you?
Spammers already use open relays. It's how they confound attempts to track down which ISP is actually serving the spammer. The latest round of spam that has ended up in my inbox was sent through web-mail portals which don't keep track of the X-originating-IP.
Here's a clue. For free. Blocking port 25 is not going to stop the real spammers. It may stop the wannabes who get sucked in by "Make money from home!" schemes but it's not going to stop spam.
And the third, well, they unfortunately seem the most common these days
One must be careful when using such statements as "those who can't do teach" though. Imagine you're in the company of the first or second group, but you don't know it, and you're joking around with your buddy in class and that line comes out. It's just not a good situation to be in.
It wouldn't be hard to write a script to have everything forwarded off through a web-mail account.
Why are you people so addicted to port 25 as if it's cast in iron? Relays can be set up anywhere around the world. Have you been reading the news lately?
Any spammer with the resources to make use of zombie boxes or international ISP relays will just bounce the mail out on port and use 25 someplace else. If a spammer were intelligent enough they'd hack together a script which would send the mail out in distributed form so as not to raise any threshold flags.
The only real way to stop spam is to go after the companies which produce the products that they sell.
Dumbass. Spammers will send their spam to a relay on a zombie box or to an ISP in .ro, .pk, .cn, .uk, etc. Haven't you been reading stories lately?
I'm glad to see Comcast joined the fight, too, but I really don't believe that this port 25 filtering is being done for the reasons they say it is.
Don't be a dumbass (oh wait. You're posting as AC for a reason).
First you're pointing out poster children examples. That's one high-profile example per country. For all you know those are isolated incidents of blatant official misuse of power.
Next you're only citing one side of the issues. In France--who was the publisher and what was their role in this? In Germany--those are laws which were initially written for them by the Allied occupational force (largely US). In Britain--the threat of "jail" is also called a "deterrent" by most people. In Pakistan and Saudi Arabia--people should know to keep their mouths shut. There must be more to those cases than picking some poor sap off the street and hanging him. In Canada--yeah, that's a SPECIAL CASE. Israel--you don't point out how the Israelis have massive US support and constantly antagonize the Palestinians using any available economic, political, and military means available to them. Taliban--The US blew up the Branch Davidians. It looks the same to the fanatics.
Just because there are places which have problems does not make it excusable for the US to be a blatant center of hypocrisy.
'Those who can't do teach'
When I was young and cocky I prattled off that line. I have regretted it for the last 8 years. It's insulting, demeaning, and while it may be true in some cases, it's not true in nearly all cases and is on the same order as prejudice and racism.
By blocking port 25, they say they cut Spam by 20% last week.
And I say they're full of dog turds.
Any spammer with half a clue will just move to a different port system. I bet the IT managers can work the numbers so that if one of them flatulates loudly they can reduce spam by 20%.
All major MTAs, if not all MTAs period, allow the identifier given on HELO/EHLO command to be independent of the hostname
That solves that problem. The only thing left to check is if the IP of the client is within the IP range allotted to the HELO/EHLO identifier. What about mobile users not sending mail using an outgoing SMTP host? Hopefully their client will return an EHLO/HELO identifier which correlates with whatever road ISP they're using.
then it's only unfriendly to people who spam and people who could probably do with a little more education on configuring their MTA
In my opinion this is a good thing in both cases.
Because my $9.95 dialup connection did?
Since when is the difference between residential service and business service defined by which TCP ports we use? Spreading FUD about port 25 and outright lies about how it will reduce spam is leaning towards this sort of model.
I was lately pondering the possibility of making my own ghost image of a default install and then creating a boot disk which would restore the system to the initially installed state. I looked at the size of the 2.6.6 kernel as it sat on my HD and wondered, "How will I ever put that and anything useful on a floppy?"
The Linux operating system has, for the longest time, appealed to me because it was slim, light, lean, and efficient. It is not just the window managers which are getting larger, though. The kernel is becoming positively huge. Applications such as Mozilla are happily following the path of their Windows counterparts. It seems that as Linux picks up public awareness the developers are heeding to the pressure to create a more featureful system in order to appeal to the public.
What public are they appealing to? The Linux world no longer seems to be targeting the computer gurus. The Linux world is increasingly developing to appeal to people who have difficulty remembering commands. The applications are catering to users who are illiterate in the sense that the only functional interface that they can use with any reliability is a point-and-click interface with a minimum of keyboard interaction.
Consider print managers. Three years ago, to install a print manager, I had to wade through configuration files and driver definition files. Then print managers evolved to give lists of printers to choose from. Now print managers go out of their way to present only one or two choices when identifying the printer. The number of acceptable screen options is directly proportional to the literacy of the user. Incidentally, lprng, cups, foomatic, etc. do not work with my old BJC-4200. Standard lpr with magicfilter is still my way to go. This may become obsolete, however, since the Canon BC-20 black block ink cartridge is increasingly hard to find.
Perhaps it's time to define how bleeding edge we need to be. I may be perfectly content to run a 2.4.26 kernel for the next ten years since many of my hardware accessories and drivers are experiencing trouble with the new 2.6 kernel series. Maybe Glib/Gdk/Gtk 2.4 will be the latest I ever go. I only use the libraries anyways. To keep my system light I build an LFS and use UDE.
Maybe Tanenbaum is right about microkernels being the only true solution--but it's tough to find a Radeon 7500 vid card driver for a microkernel based system to play DVDs.
Maybe I'll start to seriously look at those BSD CDs on my desk...
How do you handle mailservers on a LAN inside a firewall? I certainly wouldn't want my mailserver outside the firewall. Even if the host uses a perfectly valid TLD (company.com), the mailserver may identify itself as (ps1-hf56.company.com) which is only known to the DNS servers on the LAN inside the firewall. Incoming mail (SMTP connection) is handled at the firewall and redirected to a group of mailservers.
Not that it's a bad idea but it's not very friendly to companies which NAT their mailservers through a firewall.
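The HELO/EHLO check discussed in the comments above, together with the objection about mail servers NAT'd behind a firewall, as an added example that is not part of the original thread. The function names, the `prefix_len` option and the sample DNS data are assumptions made for illustration; the addresses are constructed from documentation ranges.

```python
import ipaddress
import socket


def system_resolve(name):
    """Return the set of addresses the system resolver gives for name."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except (socket.gaierror, UnicodeError):
        return set()


def check_helo(helo, client_ip, resolve=system_resolve, prefix_len=None):
    """Classify a HELO/EHLO argument against the connecting address.

    Returns "match", "mismatch", "unresolvable" or "malformed".
    prefix_len (an assumption, not from the thread) loosens the IPv4
    comparison from "same address" to "same network of that prefix length",
    one reading of "within the IP range allotted to the identifier".
    """
    try:
        client = ipaddress.ip_address(client_ip)
    except ValueError:
        return "malformed"

    helo = helo.strip().rstrip(".")
    if not helo:
        return "malformed"

    if helo.startswith("[") and helo.endswith("]"):
        # Address literal, e.g. "[192.0.2.25]" or "[IPv6:2001:db8::25]".
        literal = helo[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            candidates = {ipaddress.ip_address(literal)}
        except ValueError:
            return "malformed"
    else:
        candidates = set()
        for addr in resolve(helo.lower()):
            try:
                candidates.add(ipaddress.ip_address(addr))
            except ValueError:
                continue  # skip answers that are not plain addresses
        if not candidates:
            # Typical for a server announcing a name that only exists in
            # internal DNS behind a firewall; the caller decides the policy.
            return "unresolvable"

    for cand in candidates:
        if cand.version != client.version:
            continue
        if prefix_len is None or cand.version == 6:
            if cand == client:
                return "match"
        else:
            net = ipaddress.ip_network(f"{cand}/{prefix_len}", strict=False)
            if client in net:
                return "match"
    return "mismatch"


# Constructed public-DNS view; ps1-hf56.company.com is deliberately absent
# because the comment describes it as known only to the internal DNS servers.
PUBLIC_DNS = {
    "mail.example.com": {"192.0.2.25"},
    "dialup.example.net": {"198.51.100.7"},
}


def public_resolve(name):
    return PUBLIC_DNS.get(name, set())


def classify_samples():
    """Run the check over constructed sessions (HELO argument, source IP)."""
    sessions = [
        ("mail.example.com", "192.0.2.25"),        # name and source agree
        ("mail.example.com", "203.0.113.99"),      # name announced by another host
        ("ps1-hf56.company.com", "192.0.2.80"),    # internal-only name behind NAT
        ("dialup.example.net", "198.51.100.200"),  # roaming client in provider /24
        ("[192.0.2.25]", "192.0.2.25"),            # address literal
    ]
    return [check_helo(h, ip, public_resolve, prefix_len=24) for h, ip in sessions]


if __name__ == "__main__":
    for verdict in classify_samples():
        print(verdict)
```

The "unresolvable" verdict is kept separate from "mismatch" so that a receiving server can score the NAT'd case differently from a host announcing a name that resolves elsewhere.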
ISPs (and any other business that gives a workstation a "real" IP address) need to block egress port 25. Comcast is going to be doing this soon, others should soon follow suit. This plugs the zombies
Get off your bandwagon. It's not going to work. Fancy language does not make it true. What do you mean by "egress"? Is that outgoing? You can't block a client machine from connecting to --dport 25 if the client machines are going to make legitimate port 25 connections to their smtp/pop3 server. Are you proposing that all --dport 25 connections originating from the client pool will only be allowed if they're connecting with the ISP mailserver? This won't stop the spammers. They'll simply forward their spam through webmail servers or through their Russian/Chinese ISPs. Do you mean incoming port 25 connections to the client pool? That won't stop anything. The spammers will move their zombie ports to something else and still use zombies to relay mail through ten or twelve hops before passing it out through a legit ISP. Legitimate mail servers still have to listen on port 25 and they don't care what the source port is. Are you advocating whitelists/blacklists? They suck and everyone knows it.
Get off the port 25 bandwagon!!! It will not stop spammers. The port 25 bandwagon is nothing but an ego-booster for ignorant IT managers and a foot-in-the-door for ISPs to begin regulating internet access by port. It will only lead to service plans being metered out by how many open ports are allowed.
What? Next I have to pay an extra fee to use IRC? Or an extra fee for various messaging clients? Or an extra fee for ftp? All in the name of stopping spammers? While the whole time, the spammers and P2P clogs don't care one whit for IANA port delegation and continue on as if nothing ever happened.
I like the idea of shutting down a connection that's spewing forth millions of e-mails/day. Default port 25 blocking, though? What about business connections? Are they going to have port 25 blocked? That hits the issue a bit more true, doesn't it? It's all about the money to the ISP. They don't really care about the spam. It's just about the business model. Some small business pouring out millions of spam e-mails on port 25 is fine. They pay their bill. The residential customers, however, we've got to ratchet them down and squeeze them for every penny they're worth.
if the fork is -not- worthy very few if any will switch to it and the product will wither and die
We'll have the marketing department take care of that. There's this one VP over in marketing that went to school with a couple guys that sit in the state Senate. He can convince them that our fork is infinitely superior and can probably swing some funding for a government technology and innovation grant. If we really play our cards right we may be able to patent the whole project based upon our fork and really screw the main tree devs.
Legit smtp servers which accept mail from the customer side only listen on 25/465. A spammer doesn't care about that, though. What matters for a spammer is the pop3 server listening to the internet side on 25. Since the pop3 server must listen to port 25 on the internet side to receive any mail, how is blocking port 25 on the customer side going to stop even a mentally challenged spammer?
The zombies take care of getting the mail from the customer side to the internet. After that, no ISP is going to block port 25 on the internet side. How would any customers get mail?
They will simply lop port 25, and force you to use their smtp servers, or lack thereof
I still don't understand the "block 25" band-aid. I can open outgoing port 45454 to a mailserver on my zombie box in .ru which is listening on port 53219 which sends all mail to the legitimate destinations. When that zombie box gets blacklisted, I start using my zombies in .po, or .no, or on any major cable modem, DSL provider. They all run stripped down mailservers which listen on port 26205 and use scripts to send the mail out to legitimate addresses. Some of them even use scripts to send the mail out via web mail accounts.
Am I missing something here? If you were a spammer, isn't that how you would've been doing it five years ago? What's the use of blocking port 25 other than to feed the hype, paranoia, and ignorance of the users with pretty headlines in newspapers or bulletins?
*NOTE*: I am not a spammer. I was speaking in the first person for the purpose of conjecture.