From: Phil Howard on
On Fri, May 28, 2010 at 14:46, Victor Duchovni
<Victor.Duchovni(a)morganstanley.com> wrote:
> On Fri, May 28, 2010 at 02:35:13PM -0400, Phil Howard wrote:
>
>> Try it and see.  If it fails to connect or times out, and local policy
>> and/or message parameters allow this, fall back to SMTP.  Specific
>> details are probably subject to discussion and maybe standardization.
>
> No. This is a really poor idea. You're not supposed to answer rhetorical
> questions, you just risk looking a bit silly...

Rhetorical questions that make no sense need to be refuted somehow.
What do you suggest as an alternative to just plain answering them
(for ones that are in the negative)?


>> I don't agree.  But it could be argued that SMTP+STARTTLS is
>> sufficient for MX.  I haven't done the analysis to know if the
>> exposure risks in STARTTLS apply to MX or not.
>
> See above.

And see what Greg posted. Analysis would be going in depth on what
lots of people say, and examining their evidence where available.


> I don't get into arguments with Greg.

Fine. Just understand there is more than one point of view.

From: Charles Marcus on
On 2010-05-28 11:56 AM, Phil Howard wrote:
> FYI, I do run SSH on various unassigned ports. That's because I
> don't want the log floods I'd get if I had SSH facing the wild on
> port 22 (I've had on a couple days over a million dictionary attempts
> to root, all unsuccessful, but occupying 99% of the log file space).

? That's what (something like) fail2ban is for...

--

Best regards,

Charles