On 26 Oct 2011, at 23:13, "Mark Andrews" <ma...@isc.org> wrote:

> 
> In message <op.v3y8xvo6tfh...@rbeam.xactional.com>, "Ricky Beam" writes:
>> On Tue, 25 Oct 2011 15:52:46 -0400, Alex Harrowell <a.harrow...@gmail.com>  
>> wrote:
>>> Why do they do that?
>> 
>> You'd have to ask them.  Or more accurately, you'd need to ask their  
>> system integrator -- I've never seen an "in house" network run like that.  
>> (and for the record, they were charging for that shitty network access.)
>> 
>> Bottom line: Blocking port 25 (smtp) is undesirable, but necessary for a  
>> modern consumer internet. (Translation: It f'ing works.) This is the ISP  
>> saying, "You aren't a mail *server*."  
> 
> MTA == Mail Transfer Agent.  You don't have to be a *server* to be
> an MTA.  Blocking SMTP also prevents your customers running encrypted
> mail sessions to prevent nosy ISPs and others looking at what they
> are sending.  With DNSSEC now being deployed and DANE being
> standardised, running an SMTP session with STARTTLS is becoming a
> reality.
> 


This is what I used to do.

Any outgoing port 25 was sunk into a pool of SMTP proxies that I wrote. These 
proxies would look for signs of authentication and if they found them, the 
session would be proxied to the original destination SMTP server from the same 
IP address of the originating host.

Anything else was proxied to the pool of Ironports which would rate limit and 
otherwise SPAM examine the mail.

That way people using authenticated servers would be allowed through on the 
assumption that in all likelihood they were OK. Others who do not auth or are 
SPAM bots would be scrubbed and rate limited quite severely.

Our own customers were encouraged to use our outbound SMTP hosts which would 
either authenticate them if external or just allow them if internal, but with 
the SPAM scrubbing and less severe rate limiting enabled.

Customers who need a higher volume of outbound mail can call us and 
authenticate to the SMTP servers and we can set them a bespoke profile for rate 
limiting and message size etc etc.

That worked rather well because people's email got out and SPAM was largely 
stopped.

The Ironports were darn good boxes if a little pricey.

--
Leigh Porter
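
[Added example, not part of the original message and not the author's proxy code: a sketch of the routing decision described above, run over constructed SMTP transcripts. The route names, the choice to treat a server 235 reply as the "sign of authentication", and the separate STARTTLS outcome are assumptions; the message does not say how these cases were handled.]

```python
# Added illustration: routing decision for a transparent port-25 proxy.
# Route names and the 235/STARTTLS handling are assumptions, not from the post.
DIRECT = "original-destination"   # relay to the server the client dialled
SCRUB = "scrub-pool"              # rate-limiting / spam-scanning pool
OPAQUE = "opaque-after-starttls"  # plaintext inspection ends here


def route_session(transcript):
    """Classify one session. transcript is a list of (side, line) tuples in
    wire order; side is "C" (client) or "S" (server), CRLF already stripped."""
    pending = None  # "AUTH" or "STARTTLS" while awaiting the server's reply
    for side, line in transcript:
        if side == "C":
            if pending == "AUTH":
                continue  # SASL response data, not an SMTP command
            verb = line.strip().split(" ", 1)[0].upper()
            if verb in ("AUTH", "STARTTLS"):
                pending = verb
            elif verb == "MAIL":
                return SCRUB  # mail started with no successful AUTH seen
        elif pending:
            code = line[:3]
            if pending == "AUTH" and code == "235":
                return DIRECT  # server accepted the credentials
            if pending == "STARTTLS" and code == "220":
                return OPAQUE  # AUTH, if any, now happens inside TLS
            if code[:1] in ("4", "5"):
                pending = None  # AUTH or STARTTLS was refused
    return SCRUB


# Constructed sample sessions (not captured traffic).
GREET = [("S", "220 mx.example.net ESMTP"), ("C", "EHLO host"),
         ("S", "250-mx.example.net"), ("S", "250 AUTH PLAIN LOGIN")]
AUTHED = GREET + [("C", "AUTH LOGIN"), ("S", "334 VXNlcm5hbWU6"),
                  ("C", "dXNlcg=="), ("S", "334 UGFzc3dvcmQ6"),
                  ("C", "cGFzcw=="), ("S", "235 2.7.0 ok"),
                  ("C", "MAIL FROM:<a@example.org>")]
BOT = GREET + [("C", "MAIL FROM:<x@example.org>")]
FAKE_AUTH = GREET + [("C", "AUTH PLAIN AAAA"), ("S", "535 5.7.8 bad"),
                     ("C", "MAIL FROM:<x@example.org>")]
TLS = GREET + [("C", "STARTTLS"), ("S", "220 2.0.0 ready")]

if __name__ == "__main__":
    for name in ("AUTHED", "BOT", "FAKE_AUTH", "TLS"):
        print(name, "->", route_session(globals()[name]))
```
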

