nanog mailing list archives
Re: Outgoing SMTP Servers
From: Leigh Porter <leigh.porter () ukbroadband com>
Date: Wed, 26 Oct 2011 22:43:56 +0000
On 26 Oct 2011, at 23:13, "Mark Andrews" <marka () isc org> wrote:
> In message <op.v3y8xvo6tfhldh () rbeam xactional com>, "Ricky Beam" writes:
> > On Tue, 25 Oct 2011 15:52:46 -0400, Alex Harrowell <a.harrowell () gmail com> wrote:
> > > Why do they do that?
> >
> > You'd have to ask them. Or more accurately, you'd need to ask their system integrator -- I've never seen an "in house" network run like that. (and for the record, they were charging for that shitty network access.)
> >
> > Bottom line: Blocking port 25 (smtp) is undesirable, but necessary for a modern consumer internet. (Translation: It f'ing works.) This is the ISP saying, "You aren't a mail *server*."
>
> MTA == Mail Transfer Agent. You don't have to be a *server* to be a MTA. Blocking SMTP also prevents your customers running encrypted mail sessions to prevent nosy ISPs and others looking at what they are sending. With DNSSEC now being deployed and DANE being standardised, running a SMTP session with STARTTLS is being a reality.

This is what I used to do. Any outgoing port 25 was sunk into a pool of SMTP proxies that I wrote. These proxies would look for signs of authentication and if they found them, the session would be proxied to the original destination SMTP server from the same IP address of the originating host. Anything else was proxied to the pool of Ironports which would rate limit and otherwise SPAM examine the mail.

That way people using authenticated servers would be allowed through on the assumption that in all likelihood they were OK. Others who do not auth or are SPAM bots would be scrubbed and rate limited quite severely.

Our own customers were encouraged to use our outbound SMTP hosts which would either authenticate them if external or just allow them if internal, but with the SPAM scrubbing and less severe rate limiting enabled. Customers who need a higher volume of outbound mail can call us and authenticate to the SMTP servers and we can set them a bespoke profile for rate limiting and message size etc etc.

That worked rather well because people's email got out and SPAM was largely stopped. The Ironports were darn good boxes if a little pricey.

--
Leigh Porter
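
The routing decision described in the message above, as an added sketch (not Leigh Porter's proxy code, which the page does not show). All names, the rate-limit figures, the sample sessions and the handling of STARTTLS are assumptions made for illustration.

```python
"""Routing decision for a transparent port-25 proxy (constructed example)."""
from collections import defaultdict, deque

PASS_THROUGH = "pass-through"  # relay to the original destination server
SCRUB = "scrub"                # hand to the filtering / rate-limiting pool
REJECT = "reject"              # source is over its rate limit


def classify_session(client_lines):
    """PASS_THROUGH if the client sends AUTH before its first MAIL, else SCRUB."""
    for raw in client_lines:
        verb = raw.strip().partition(" ")[0].upper()
        if verb == "AUTH":
            return PASS_THROUGH
        if verb == "STARTTLS":
            # Assumption: once TLS starts the proxy cannot see a later AUTH,
            # so this sketch takes the conservative path and scrubs.
            return SCRUB
        if verb in ("MAIL", "DATA"):
            return SCRUB  # mail transaction began with no authentication
    return SCRUB


class RateLimiter:
    """Sliding-window message limit per source IP (hypothetical profile)."""

    def __init__(self, max_msgs, window_s):
        self.max_msgs, self.window_s = max_msgs, window_s
        self.seen = defaultdict(deque)

    def allow(self, src_ip, now):
        q = self.seen[src_ip]
        while q and now - q[0] >= self.window_s:
            q.popleft()  # drop timestamps that left the window
        if len(q) >= self.max_msgs:
            return False
        q.append(now)
        return True


def route(src_ip, client_lines, limiter, now):
    """Authenticated sessions bypass the limiter; the rest are scrubbed and limited."""
    decision = classify_session(client_lines)
    if decision == SCRUB and not limiter.allow(src_ip, now):
        return REJECT
    return decision


# Constructed client-side command streams (documentation addresses and names).
AUTHED = ["EHLO laptop.example", "AUTH LOGIN", "MAIL FROM:<a@example.org>"]
UNAUTHED = ["HELO x", "MAIL FROM:<b@example.net>", "RCPT TO:<c@example.com>", "DATA"]
```

A per-customer profile, as the message describes for higher-volume senders, would map to a separate `RateLimiter` instance with its own limits.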