nanog mailing list archives
Re: ingress SMTP
From: Charles Wyble <charles () thewybles com>
Date: Wed, 03 Sep 2008 13:58:21 -0700
*Hobbit* wrote:
What I'm trying to get a feel for is this: what proportion of edge customers have a genuine NEED to send direct SMTP traffic to TCP 25at arbitrary destinations?
Probably very few.
The big providers -- comcast, verizon, RR, charter, bellsouth, etc -- seem to be some of the most significant sources of spam and malware attempts, mostly from compromised end-user machines, and it seems that simply denying *INGRESS* of TCP 25 traffic except to the given ISP's outbound relay servers would cut an awful lot of it off at thepass.
I have SBC / AT&T / Yahoo DSL in Southern California and they block outbound 25 to anything but Yahoo SMTP server farm, and they only allow SSL
connectivity at that. I'm all for that personally.It was a minor effort to setup my charles () thewybles com address to be allowed out (had to fill out a webform and click a verify link).
Since most people use the address given to them by the provider and most likely use webmail this certainly won't affect them.
To top it all off I can fill out another web form and specifically request unblocking of ports and relay out mail server wherever I want.
So SBC has a policy of deny SMTP relaying by default,provide clear instructions to allow outbound relay via approved server farm if you don't want to be blocked request unblocking via a self service web form.
Seems perfectly acceptable to me. Thoughts? -- Charles Wyble (818) 280 - 7059 http://charlesnw.blogspot.com CTO Known Element Enterprises / SoCal WiFI project
Current thread:
- Re: ingress SMTP, (continued)
- Re: ingress SMTP Alec Berry (Sep 03)
- Re: ingress SMTP Stephen Sprunk (Sep 03)
- Re: ingress SMTP Simon Waters (Sep 03)
- Re: ingress SMTP Suresh Ramasubramanian (Sep 03)
- Re: ingress SMTP Justin Scott (Sep 03)
- Re: ingress SMTP Suresh Ramasubramanian (Sep 03)
- Re: ingress SMTP Daniel Senie (Sep 03)
- Re: ingress SMTP Chris Boyd (Sep 03)
- Why not go after bots? (was: ingress SMTP) Michael Thomas (Sep 03)
- Re: Why not go after bots? Charles Wyble (Sep 03)
- Re: Why not go after bots? (was: ingress SMTP) Suresh Ramasubramanian (Sep 03)
- RE: Why not go after bots? (was: ingress SMTP) Frank Bulk (Sep 03)
- Re: ingress SMTP Steven Champeon (Sep 03)
- Re: ingress SMTP Alec Berry (Sep 04)
- Re: ingress SMTP Mark Andrews (Sep 04)