What I meant was blocking telnetting anonymously to p25 (SMTP-MTA), used for server-to-server to initiate the transfer. Client fetching of mail happens over p587 (SMTP-MSA), some still uses p465 with a wrapper of some sort and are basically deprecated according to iana.

Most of the major ones with competent admins had those closed pretty fast (back then), and today it's pretty much idiotic to still allow anonymous access.

Well, you can make a hack to tunnel anything you want in/out of any port you want, but that still depends on A and B to communicate on the same level.

EDIT: The fact that you don't use tls it's pretty easy for others to snoop up your mail-address and passwords, which again is just one of many methods to gather potential targets...

what the fuck is r0blox sex and how do i do that

nmap, ah yes, i'm aware of that tool. Been a while since i used it.

I'd honestly go for a shared key method, where public keys are set up and private keys for people on their computer. Then signing and encrypting all email and verifying (at the server level). Yeah takes a little more processing power, but 99.99% of spam would die this way because it's not raw text. You can't really fool it, unless a key gets broken, in which case you give a new key or require updating the key to the next larger size every couple years.

With pre-shared keys? I agree, but encrypting the mail itself (inside of the already encrypted communication) is rather tiresome, especially when very few uses it, like GnuPGP, so it's dependent on both A and B to use it.

Other than Protonmail I can't think of any "easy" solution if security and privacy is a must have...

Take a look at their bounty page. Very amusing the things that are on offer. Things which are practically standard on any other platform and they're offering a small windfall for them.

It must be coded in something nobody wants to work with for those bounties.

Hmm, PHP and C. No wonder. At least Javascript and PHP sounds more sensible a combination.

If it's the default and done more or less transparently (other than entering a password when you need it) it wouldn't matter so much.

But alas, much like zlib/gz being used for compression packets on the internet, we're probably stuck with it... because it's sorta the standard and was implemented when we had far more limitations on hardware.

I'm enjoying the idea that Valve hired half a dozen programming students and their stuff is all in C but every block ends with a goto pointed at another block. Or else Gaben was a personal friend of Larry Wall and hired him for it, so Wall programmed the client in C but somehow using Perl syntax.

While other accounts exist, i'm the only actual user for the email. Passwords have to be accessed via squirrelmail, as SMTP is only email in, email out. No logging in to do. You have to either use mail or squirrelmail to send emails, so they'd have to brute force that to get anything (to be fair, i don't really have any special protection for it, outside of the crappy hardware). TLS just offers an extra pain (probably not much, but i haven't looked into it) when something happens to my postfix config.

Though, no, i still don't see the issue with SMTP and anonymous connection, unless you mean anonymous sending. You don't have to block the port to solve that issue.

Please, tell me more on this.
Eh, if it became common practice, the pubkey would be available to the spammers the same avenue the email address is, which wouldn't solve anything. Sure, it'd solve the crap we're seeing now, but not for long. If the key is done privately, why not just give out the email privately as well? I've seen people have success with whitelisting email addresses, as well, and spam rarely comes from a known source (does happen, but much less common).
If you're worried about the privacy of emails, you should be using external tools to encrypt the data within the email. Things setting on storage, if you're not the admin, tends to get pulled and looked at.

Well, squirrelmail itself isn't overly popular. Squirrelmail is meant to run as a plugin for apache, and also meant to work for a multitude of mailbox methods (file, dovecot, etc). It's a general headache. It works and is good, but a royal pain, like postfix. To be fair though, i'm surprised the devs themselves didn't claim the bounties. These are not necessarily rocket science, so it must be hard for one particular reason or another.

I'm not worried. I don't use public mail services like gmail or hotmail at least, but I use encryption between me and my servers, and it's really not a hassle.

I mentioned two methods that are relatively known as security precautions. Anonymous connection and anonymous sending IS basically the same thing, it's still open for heavy abuse.

And no, I'm still not talking about blocking p25 directly - that would actually stop SMTP-MTA connection between servers.

I'm only trying to give you some pointers here... it's totally up to you what you do with that info. But if you don't see the case there then I just hope you don't work as an admin / sec admin. XD

I concluded as much. Even for what it does, it seems there are better, and more modern systems. And for internal server mails, I feel most are happy to make their own or use something simpler.

We're a DirectAdmin shop and we default to using squirrelmail.

Most of our clients are tied to their iPhones and Outlook though.

When I mentioned about the anonymous telnetting p25 in post nr 14, I was speaking generally and was originally answering rtcvb32, not to you. Only about the lack of encryption, but I'm stopping there now, as this is fruitless and getting staled ;-)

Comes with Windows. Why install anything else?

Heck, even I use the build in email app on my ipod touch instead of downloading the separate GMail app. Works for me....