[Asrg] Software bashing [mostly OT, but on at the end]
Chris Lewis
clewis at nortel.com
Fri Jan 23 13:41:29 PST 2009
der Mouse wrote:
>>>> Now what happens to all the small businesses that use MS-Exchange
>>>> to send email?
>>> [T]hey get a sharp lesson in [...] how a non-spammer looking enough
>>> like a spammer will get treated like a spammer.
>
>>> I see no more need to support direct-to-MX-from-Exchange [...]
>
>> Direct-to-MX-from-Exchange? That's what it's _supposed_ to do. It's
>> the MTA.
>
> Right. But it's an unusually badly behaved one. Exchange is good
> groupware with a bad MTA duct-taped onto the side.

That was true of archaic Exchange implementations. E.g., the infamous
"Exchange 5" (aka IIS 5). As was Sun Sendmail SMI 4.1.

But, reasonably recent Exchange is just fine in SMTP.

A consumer level site may see a different mix of MTAs than we do, but
it's been our experience that Exchange as an outbound is generally not a
problem, and we see lots of perfectly legit email from Exchange servers.
Many small-to-medium businesses lack the expertise to run something else.

I wouldn't dream of blocking an email based on a p0f signature of
"Windows" (tho, maybe Win95, 98 ;-). I'd score it.

> And if there were some way to identify Exchange, all its getting a free
> pass would mean would be that botnet herders would mass-install
> Exchange on their zombies and send through it - or, perhaps even more
> likely, just forge whatever Exchange indicator(s) get(s) widely used.

If there was some way to identify Windows via passive O/S
fingerprinting, all that giving anything else a free[r] pass would mean
is that the botnet herders would get something to fake that something else.

Hint: it's already in BOTs. And that's _all_ I'm going to say about that.