nanog mailing list archives

Re: quietly....


From: Owen DeLong <owen () delong com>
Date: Fri, 4 Feb 2011 23:56:03 -0800


On Feb 4, 2011, at 7:25 PM, George Bonser wrote:


Yeah, I threw it in as an afterthought. ISP firewalls do exist and not
just small isolated incidents. I wish more money had gone into making
them much more adaptive, then you could enjoy your tcp/25 and possibly
not have a problem unless your traffic patterns drew concerns and caused
an adaptive filter to block it (eh? thousands of emails suddenly to a
variety of servers? block). Interestingly, adaptive filters are often
used for probing scans (and we didn't apply them to tcp/25, why?)


Jack

Maybe because it is just easier to do a transparent redirect to the ISP's
mail server and look for patterns there.  Some customer drops a
bazillion email messages from a bazillion From: addresses in 14.7
seconds ... chances are you have a spam candidate.  If the spam filter
flags a lot (all?) of the messages as possible spam, queue them to the
quarantine until someone can have a look and if they are, dismiss the
customer and send them up the road OR inform them that they are possibly
bot-net infected and block access to port 25 from them until they get it
cleaned up.



The problem is some providers get a little too zealous and not only
break port 25 (which is just mildly annoying), but, also break 587
and in rare cases 465 as well.

Since I use SMTP+TLS to connect back to my mail server and
use SMTPAUTH to send my mail, hotels and conference centers
that do this prove to be an annoying hurdle to doing something
useful.

The worst one I encountered was a JetStar lounge in Adelaide.

They not only blocked 25, 465, 587, etc. They blocked everything
except 80 and 443.

I resorted to using an SSH client on my iPad over 3G to log into my
server and start an SSH daemon on port 443 on an additional IP
address I assigned. After that, I was able to use SSH tunnels for
everything else.

I don't know what a less technical user would do to use their
lounge to actually use the internet. Just one more item in a long
list of reasons I will _NEVER_ do business with JetStar again
and will avoid Qantas unless I have no choice (since they own
JetStar).



Owen
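
The relay-side check described in the quoted text above (a burst of messages from many From: addresses, mostly flagged by the spam filter, is held in quarantine for someone to review), sketched as an added example that is not part of the original thread. The thresholds, record layout, action names and sample records are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Thresholds are assumptions for illustration; tune them to your own relay traffic.
WINDOW_SECONDS = 15.0   # sliding window kept per customer
MIN_MESSAGES = 100      # messages inside the window that count as a burst
MIN_SENDERS = 50        # distinct From addresses inside the window
SPAM_RATIO = 0.8        # share of the burst the spam filter must have flagged


def review_relay_log(records):
    """records: (timestamp, customer_ip, mail_from, spam_flagged) tuples.

    Returns {customer_ip: action} for customers whose traffic formed a burst.
    """
    recent = defaultdict(deque)
    actions = {}
    for ts, ip, mail_from, flagged in sorted(records):
        window = recent[ip]
        window.append((ts, mail_from, flagged))
        # Drop messages that have aged out of this customer's window.
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        senders = {sender for _, sender, _ in window}
        if len(window) < MIN_MESSAGES or len(senders) < MIN_SENDERS:
            continue
        flagged_share = sum(1 for _, _, f in window if f) / len(window)
        if flagged_share >= SPAM_RATIO:
            actions[ip] = "quarantine_for_review"   # hold the mail for a human
        else:
            actions.setdefault(ip, "watch")         # burst, but filter is not alarmed
    return actions


def constructed_sample():
    """Constructed relay records (documentation IP ranges, made-up addresses)."""
    records = []
    # Customer A: 120 messages in 12 s, each from a different From address.
    for i in range(120):
        records.append((i * 0.1, "192.0.2.10", f"user{i}@example.net", True))
    # Customer B: a newsletter burst from one address, not flagged as spam.
    for i in range(150):
        records.append((i * 0.05, "203.0.113.5", "news@example.org", False))
    # Customer C: ordinary mail, five messages over an hour.
    for i in range(5):
        records.append((i * 720.0, "198.51.100.7", "alice@example.com", False))
    return records


if __name__ == "__main__":
    for ip, action in review_relay_log(constructed_sample()).items():
        print(ip, action)
```

Blocking the customer's port 25 stays a decision for whoever reviews the quarantine, as in the quoted text; the function only nominates candidates.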


