nanog mailing list archives
Re: ingress SMTP
From: Stephen Sprunk <stephen () sprunk org>
Date: Wed, 03 Sep 2008 12:07:22 -0500
Alec Berry wrote:
Michael Thomas wrote:
But the thing that's really pernicious about this sort of policy is that it's a back door policy for ISPs to clamp down on all outgoing ports in the name of "security".

I don't think ISPs have anything to gain by randomly blocking ports. They may block a port that is often used for malicious behavior (135-139, 194, 445, 1433, 3306 come to mind) as a way to reduce their support calls-- but they would have to balance that with the risk of losing customers. It's not as much a slippery slope as much as it is a tightrope act (yes-- I am metaphorically challenged).
I see nothing wrong with filtering commonly abused ports, provided that the ISP allows a user to opt out if they know enough to ask.
When port 25 block was first instituted, several providers actually redirected connections to their own servers (with spam filters and/or rate limits) rather than blocking the port entirely. This seems like a good compromise for port 25 in particular, provided you have the tools available to implement and support it properly.
I also agree with the comments about switching customers to 587. My former monopoly ISP only accepted mail on 25 and I had endless problems trying to send mail from airports, hotels, coffee shops, etc. while traveling. The same hotspots also tended to block port 22, so I couldn't even forward mail via my own server. However, my new monopoly ISP only accepts mail on 587, and I have yet to have a single problem with that from any hotspot I've used since the switch. Ditto for reading my mail via IMAPS/993, whereas I used to have occasional problems reading it via IMAP/143.
S