Re: [fw-wiz] SMTP forwarding question

From: Jim Seymour (jseymour_at_linxnet.com)
Date: 10/01/04

    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 30 Sep 2004 19:33:08 -0400 (EDT)
    
    

    Nagy Attila <bra@fsn.hu> wrote:
    >
    [snip]
    > I think the only thing why you think it's stupid is that I've left off
    > an important piece of information:
    > the given company would be an ISP, which has a lot of problems about
    > their users spamming and flooding the world with viruses.

    Gee, just a small detail, eh?

    >
    > If the ISP blocks outgoing tcp/25, then all of its users who use other
    > SMTP servers on the internet (for example mail.ispB.com with POP before
    > SMTP or via SMTP AUTH) will not be able to use their server.

    Almost the same answer I gave before, except for the pop3 part. Port
    25 should be blocked except to your SMTP servers. Only exception is
    static IP assignments that are *not* buried in otherwise dynamic
    blocks. (Usually business, small-office/home-office class services.)

    All others must use port 465 (smtps) or 587 (submission).

    >
    > I am aware of the fact, that a clear policy should be that every user
    > MUST send mail via mail.ispA.com, but as the Earth's shape is not
    > exactly round, the users say that if they cannot send mail from their
    > notebook from ISP A to ISP B (via authenticated SMTP) and it works from
    > ISP C, then they will choose ISP C, not A.
    [snip]

    ISP C will block port 25, sooner or later, or ISP C will find its
    traffic widely refused on the Internet.

    The days of allowing random machines to make random connections on port
    25 are fast coming to an end. You can thank spammers and uncle Bill
    for that.

    Jim
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
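
The egress policy described in the message above, sketched as an iptables-restore fragment. This is an added example, not part of the original post; the interface name and all addresses (RFC 5737 documentation ranges) are constructed assumptions.

```shell
#!/bin/sh
# Added example. Addresses are constructed (RFC 5737 documentation ranges)
# and the interface name is an assumption; neither comes from the post.
CUSTOMER_IF="cust0"                        # customer-facing interface
ISP_SMTP_SERVERS="192.0.2.25 192.0.2.26"   # the ISP's own SMTP servers
STATIC_RANGES="198.51.100.0/28"            # static assignments outside dynamic blocks

# Print one rule line verbatim (printf avoids echo option parsing).
rule() { printf '%s\n' "$*"; }

# Emit an iptables-restore fragment implementing the policy.
# Rule order matters: both port-25 exceptions precede the reject.
emit_smtp_egress_rules() {
    rule "*filter"
    rule ":SMTP_EGRESS - [0:0]"
    # Only customer-originated mail ports enter the chain.
    rule "-A FORWARD -i $CUSTOMER_IF -p tcp -m multiport --dports 25,465,587 -j SMTP_EGRESS"
    # Port 25 is allowed to the ISP's own SMTP servers.
    for server in $ISP_SMTP_SERVERS; do
        rule "-A SMTP_EGRESS -p tcp --dport 25 -d $server -j ACCEPT"
    done
    # Exception: static assignments may reach any server on port 25.
    for range in $STATIC_RANGES; do
        rule "-A SMTP_EGRESS -p tcp --dport 25 -s $range -j ACCEPT"
    done
    # Everything else on port 25 is logged, then refused with a TCP reset
    # so mail clients fail immediately instead of timing out.
    rule "-A SMTP_EGRESS -p tcp --dport 25 -j LOG --log-prefix smtp25-deny:"
    rule "-A SMTP_EGRESS -p tcp --dport 25 -j REJECT --reject-with tcp-reset"
    # smtps (465) and submission (587) stay open to any destination.
    rule "-A SMTP_EGRESS -p tcp -m multiport --dports 465,587 -j ACCEPT"
    rule "COMMIT"
}

emit_smtp_egress_rules
```

The LOG rule gives the abuse desk a per-customer record of refused port-25 attempts, which is where infected machines show up first.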

