Re: ingress SMTP

[Charles Wyble <charles () thewybles com>]

*Hobbit* wrote:
> What I'm trying to get a feel for is this: what proportion of edge
> customers have a genuine NEED to send direct SMTP traffic to TCP 25
> at arbitrary destinations? 

Probably very few.
> The big providers -- comcast, verizon, RR, charter, bellsouth, etc --
> seem to be some of the most significant sources of spam and malware
> attempts, mostly from compromised end-user machines, and it seems
> that simply denying *INGRESS* of TCP 25 traffic except to the given
> ISP's outbound relay servers would cut an awful lot of it off at the
> pass. 


I have SBC / AT&T / Yahoo DSL in Southern California and they block 
outbound 25 to anything but Yahoo SMTP server farm, and they only allow SSL
connectivity at that. I'm all for that personally.

It was a minor effort to setup my charles () thewybles com address to be 
allowed out (had to fill out a webform and click a verify link).

Since most people use the address given to them by the provider and most 
likely use webmail this certainly won't affect them.

To top it all off I can fill out another web form and specifically 
request unblocking of ports and relay out mail server wherever I want.

So SBC has a policy of

deny SMTP relaying by default,
provide clear instructions to allow outbound relay via  approved server 
farm
if you don't want to be blocked request unblocking via a self service 
web form.

Seems perfectly acceptable to me.

Thoughts?


--
Charles Wyble (818) 280 - 7059
http://charlesnw.blogspot.com
CTO Known Element Enterprises / SoCal WiFI project