Firewall Wizards mailing list archives
Re: SMTP forwarding question
From: jseymour () linxnet com (Jim Seymour)
Date: Thu, 30 Sep 2004 19:33:08 -0400 (EDT)
Nagy Attila <bra () fsn hu> wrote:
[snip]
> I think the only reason you think it's stupid is that I've left out an important piece of information: the given company would be an ISP, which has a lot of problems with their users spamming and flooding the world with viruses.
Gee, just a small detail, eh?
> If the ISP blocks outgoing tcp/25, then all of its users who use other SMTP servers on the internet (for example mail.ispB.com with POP before SMTP or via SMTP AUTH) will not be able to use their server.
Almost the same answer I gave before, except for the pop3 part. Port 25 should be blocked except to your SMTP servers. Only exception is static IP assignments that are *not* buried in otherwise dynamic blocks. (Usually business, small-office/home-office class services.) All others must use port 465 (smtps) or 587 (submission).
> I am aware of the fact that a clear policy should be that every user MUST send mail via mail.ispA.com, but as the Earth's shape is not exactly round, the users say that if they cannot send mail from their notebook from ISP A to ISP B (via authenticated SMTP) and it works from ISP C, then they will choose ISP C, not A.
[snip]

ISP C will block port 25, sooner-or-later, or ISP C will find its traffic widely refused on the Internet. The days of allowing random machines to make random connections on port 25 are fast coming to an end. You can thank spammers and uncle Bill for that.

Jim
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
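
The port policy described in the message above, sketched as an nftables ruleset for an ISP border router. This is an added example, not part of the original message; the table, chain and set names and all addresses (RFC 5737 documentation ranges) are assumptions.

```nftables
# Egress SMTP policy for customer traffic (illustrative; all names and
# addresses below are placeholders, not taken from the thread).
table inet egress_smtp {
    # The ISP's own SMTP servers: the only port-25 destinations
    # open to every customer.
    set isp_smtp_servers {
        type ipv4_addr
        elements = { 192.0.2.25, 192.0.2.26 }
    }

    # Static assignments (business / SOHO class) that sit in their own
    # blocks. A static IP carved out of a dynamic pool is deliberately
    # NOT listed here, so it falls through to the reject rule.
    set static_customers {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24 }
    }

    # Dynamically assigned customer pools.
    set dynamic_pools {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.0/24 }
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # smtps (465) and submission (587) to any server stay open, so
        # roaming users can still reach mail.ispB.com with SMTP AUTH.
        tcp dport { 465, 587 } accept

        # Port 25 is allowed to the ISP's own SMTP servers.
        tcp dport 25 ip daddr @isp_smtp_servers accept

        # Static blocks may speak SMTP directly to the Internet.
        tcp dport 25 ip saddr @static_customers accept

        # Everything else from the dynamic pools on port 25 is counted,
        # logged and refused with a TCP reset so clients fail fast.
        tcp dport 25 ip saddr @dynamic_pools counter log prefix "smtp25-egress " reject with tcp reset
    }
}
```

The rules match IPv4 only; an IPv6 deployment needs parallel `ipv6_addr` sets and `ip6 saddr`/`ip6 daddr` rules. The counter and log prefix on the last rule give a per-customer signal of machines attempting direct-to-MX delivery.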