On 15 Jan 2020, at 7:56, Sam Tuke wrote:
I noticed that newsletters which I receive from large firms are
typically sent from servers which have port 25 closed.
Is it common practice to close port 25 on bulk sending servers?
Yes, and not only for bulk sending servers.
Should we do this for Postfix servers which serve the same role?
What's the advantage?
It is quite common for inbound and outbound email to be handled by
separate systems. In environments using internal mail servers that
aren't good at spam exclusion and/or have a general pattern of chronic
insecurity (e.g. Exchange) it is not uncommon to have them sending
outbound mail from behind a very strict firewall and/or NAT with no
listeners exposed to the world and to receive via a more robust platform
for dealing with mail from the Internet.
Maybe the MTAs that such senders use are so customised as to be
capable of only sending, not receiving, mail?
There's some of that for very large senders, but in the modern age of
almost everything being virtual, it is also just simpler to disperse
essentially independent functions onto independent systems, with each
specifically configured and scaled to their role. In DNS this has meant
splitting authoritative servers and resolvers. In email this has meant a
more diverse split, with public MXs, initial mail submission handlers,
outbound queue handlers, mailstore management & access, and internal
distribution potentially being autonomous systems. This can simplify the
configuration of each system and make securing them less challenging.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)
