On 06/09/2014 04:56 PM, li...@rhsoft.net wrote:
>>> well, one could say: block them from submission port and don't allow
>>> SASL on 25, but that works only if you are a startup beginning from
>>> scratch,
>>
>> If that's the case then you can put submission on a separate IP address,
>> so that your users can continue to submit to port 25
> 
> "so that your users can continue to submit to port 25"
> 
> and how will that lead to "close port 25 completely"?

So on the one hand you complain about how difficult it is to switch
users off of port 25, but then when I give you a solution that means you
don't have to, you complain because you don't want them on port 25?  Make
up your mind, please.

> my server has not to handle *any* MX traffic from outside,

Then I fail to see what the problem is.

> besides that you gain nothing why in the world should admins
> deal with all sort of workarounds because MUA developers are
> too stupid for sane defaults and insist on using 25?

Please, go to Microsoft, Apple, Google, etc, and convince all of them to
write their software the way you want.  Unfortunately we live in the
real world and this is what we have to deal with.  Depending on your
specific situation you may or may not have to cater to those MUAs.

> frankly *all* ISPs should start to block outgoing port 25

I would love to see that, but again, we live in the real world.

> and the problem would go away at the same time as 90% of
> attempted spam delivery would disappear because all the
> infected zombies have no longer a way to send their crap
> without hacking the account data and use real submission

PBLs, FCRDNS, etc help a lot with this as well.  Postscreen, when
properly configured, is great at filtering zombie SPAM.  The harder SPAM
to filter tends to be SPAM that originates from legitimate servers, as
you have said.

> the difference ISP is blocking 25 or i do the same is simply
> that nobody calls the ISP but anybody blames his mail admin
> which can help in both cases but in one point to the ISP :-)

Regardless of who is blocking it you have to deal with the results.  As
I said earlier you may be in a position where you can just block 25
outright and be able to push all your users to submission, or this may
be too overwhelming of a task.  The difference is that if the ISP blocks
it then the user is *already* on 587.


Peter
