nanog mailing list archives

RE: Outgoing SMTP Servers


From: Brian Johnson <bjohnson () drtel com>
Date: Mon, 31 Oct 2011 13:23:04 +0000

Bill,

Responses in-line...

-----Original Message-----
From: Bill Stewart [mailto:nonobvious () gmail com]
Sent: Friday, October 28, 2011 6:22 PM
To: nanog () nanog org
Cc: Brian Johnson
Subject: Re: Outgoing SMTP Servers


<snip>


I've got a strong preference for ISPs to run a
Block-25-by-default/Enable-when-asked.  As a purist, I'd prefer to
have Internet connections that are actually Internet connections, and
if you want to run email on a Linux box at home or have an Arduino in
your refrigerator email the grocery when you're out of milk, you
should be able to, and if some meddling kid at an ISP wants to block
it, they should get off your lawn.  In practice, of course, somewhere
between 99.9% and 99.999% of all home MTAs aren't Linux boxes or Macs,
they're zombie spambots on home PCs, or occasional driveby wifi
spammers or other pests, and not only should outgoing mail be blocked,
but the user should be notified and the connection should probably be
put into some kind of quarantined access.


This is, of course, exactly why this blocking is done.

But that's for Port 25 - the Port 25 blocking by ISPs has largely
pushed Email Service Providers to use other protocols such as 587 for
mail submission from an MUA to the MTA, or webmail instead, and it's
really bad practice for ISPs to interfere with that.  In some cases
they'll still be sending spam, but that's the MTA's job to filter out,
and if they don't, they'll end up on a bunch of RBLs.  (And generally
they'll be trying to keep their mail clean themselves - if the MTA
providers were spammers, they wouldn't need to go to the trouble of
having actual residential users as customers when they could
mass-produce it cheaper directly.)

For clarity it's really bad for ISPs to block ports other than 25 for the purposes of mail flow control... correct?

I would not block submission ports, specifically 587. More specifically, the only port I will block would be 25. The RFC actually says to use the submission port for the MUA to MTA anyway. RFC 5068 is definitive on this issue. Also read RFC 4409 and its predecessors.

My take on this is that it IS best practice to have users use the submission port (587) for mail submission from the MUA to an MTA.

Call me a liar! :)

- Brian
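To make the policy discussed in this thread concrete (block port 25 by default, enable it when a customer asks, never interfere with 587 submission, and treat blocked hosts that fan out to many MTAs as quarantine candidates), here is an added example that is not part of the original post. The flow records, the customer addresses and the allow-list are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample outbound flow records (src_ip, dst_ip, dst_port);
# addresses come from documentation ranges and are not real hosts.
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.1", 25),    # opted-in home MTA talking to MXes
    ("192.0.2.10", "198.51.100.2", 25),
    ("192.0.2.30", "198.51.100.50", 587),  # ordinary MUA using the submission port
    ("192.0.2.30", "198.51.100.50", 587),
] + [("192.0.2.20", f"198.51.100.{n}", 25) for n in range(100, 110)]  # bot-like fan-out

# Customers who asked to have port 25 enabled (the "Enable-when-asked" list).
# Hypothetical content.
PORT25_ALLOWLIST = {"192.0.2.10"}

def classify_flow(src, dst_port, allowlist=PORT25_ALLOWLIST):
    """Policy for one outbound customer flow: only port 25 is ever blocked."""
    if dst_port != 25:
        return "allow"  # 587 submission, webmail, etc. are never touched
    return "allow" if src in allowlist else "block"

def find_quarantine_candidates(flows, threshold=5, allowlist=PORT25_ALLOWLIST):
    """Sources whose *blocked* port-25 attempts reach many distinct MTAs
    look like direct-to-MX spambots: candidates for customer notification
    and quarantined access rather than a silent drop."""
    targets = defaultdict(set)
    for src, dst, port in flows:
        if classify_flow(src, port, allowlist) == "block":
            targets[src].add(dst)
    return {src for src, dsts in targets.items() if len(dsts) >= threshold}

def apply_policy(flows, allowlist=PORT25_ALLOWLIST):
    """Count allowed and blocked flows, for a quick sanity report."""
    counts = {"allow": 0, "block": 0}
    for src, _dst, port in flows:
        counts[classify_flow(src, port, allowlist)] += 1
    return counts

if __name__ == "__main__":
    print(apply_policy(SAMPLE_FLOWS))
    print("quarantine candidates:", find_quarantine_candidates(SAMPLE_FLOWS))
```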
