nanog mailing list archives
Re: Outgoing SMTP Servers
From: Scott Howard <scott () doc net au>
Date: Wed, 26 Oct 2011 20:07:58 -0700
On Tue, Oct 25, 2011 at 2:49 AM, Owen DeLong <owen () delong com> wrote:
Interesting... Most people I know run the same policy on 25 and 587 these days... to-local-domain, no auth needed. relay, auth needed. auth required == TLS required. Anything else on either port seems not best practice to me.
RFC 5068 covers the best practice, and it's not what you've got above. Allowing unauthenticated inbound mail on port 587 defeats the entire purpose of blocking port 25 - the front door is now closed to spammers, but you've left the back door open! (Security through obscurity saves you here in that spammers rarely use port 587 - yet). There isn't a single situations where you should be expecting an unauthenticated inbound message on the 'Submission' port (is, 587) As much as some ISPs still resist blocking port 25 for residential customers, it does have a major impact on the volume of spam leaving your network. I've worked with numerous ISPs as they have gone through the process of blocking port 25 outbound. In every case the number of end-user complaints has been low enough to be basically considered background noise, but the benefits have been significant - including one ISP who removed not only themselves but also their entire country from most of the 'Top 10 Spammers' list when they did it! Scott.
Current thread:
- Re: Outgoing SMTP Servers, (continued)
- Re: Outgoing SMTP Servers Leigh Porter (Oct 26)
- Re: Outgoing SMTP Servers Mark Foster (Oct 26)
- Re: Outgoing SMTP Servers Mark Andrews (Oct 26)
- Re: Outgoing SMTP Servers Bjørn Mork (Oct 27)
- Re: Outgoing SMTP Servers Jay Ashworth (Oct 26)
- Re: Outgoing SMTP Servers William Herrin (Oct 25)
- Re: Outgoing SMTP Servers Owen DeLong (Oct 25)
- RE: Outgoing SMTP Servers Matt McBride (Oct 25)
- Re: Outgoing SMTP Servers Ricky Beam (Oct 25)
- Re: Outgoing SMTP Servers Douglas Otis (Oct 25)
- Re: Outgoing SMTP Servers Scott Howard (Oct 26)
- Re: Outgoing SMTP Servers Owen DeLong (Oct 26)
- Re: Outgoing SMTP Servers Bjørn Mork (Oct 27)
- RE: Outgoing SMTP Servers Brian Johnson (Oct 27)
- Re: Outgoing SMTP Servers Valdis . Kletnieks (Oct 27)
- Re: Outgoing SMTP Servers Robert Bonomi (Oct 27)
- RE: Outgoing SMTP Servers Brian Johnson (Oct 27)
- Re: Outgoing SMTP Servers William Herrin (Oct 27)
- RE: Outgoing SMTP Servers Brian Johnson (Oct 27)
- Re: Outgoing SMTP Servers Valdis . Kletnieks (Oct 27)
- Re: Outgoing SMTP Servers Pete Carah (Oct 27)