Re: SMTP forwarding question

[jseymour () linxnet com (Jim Seymour)]

Nagy Attila <bra () fsn hu> wrote:
>
[snip]
> I think the only thing why you think it's stupid is that I've left off 
> an important information:
> the given company would be an ISP, which has a lot of problems about 
> their users spamming and flooding the world with viruses.

Gee, just a small detail, eh?

> If the ISP blocks outgoing tcp/25, then all of its users who use other 
> SMTP servers on the internet (for example mail.ispB.com with POP before 
> SMTP or via SMTP AUTH) will not be able to use their server.

Almost the same answer I gave before, except for the pop3 part.  Port
25 should be blocked except to your SMTP servers.  Only exception is
static IP assignments that are *not* buried in otherwise dynamic
blocks.  (Usually business, small-office/home-office class services.)

All others must use port 465 (smtps) or 587 (submission).

> I am aware of the fact, that a clear policy should be that every user 
> MUST send mail via mail.ispA.com, but as the Earth's shape is not 
> exactly round, the users say that if they cannot send mail from their 
> notebook from ISP A to ISP B (via authenticated SMTP) and it works from 
> ISP C, then they will choose ISP C, not A.
[snip]

ISP C will block port 25, sooner-or-later, or ISP C will find its
traffic widely refused on the Internet.

The days of allowing random machines to make random connections on port
25 are fast coming to an end.  You can thank spammers and uncle Bill
for that.

Jim
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards