Thank you all for your insightful replies. Sam.
On 15/01/2020 15:24, Bill Cole wrote: > On 15 Jan 2020, at 7:56, Sam Tuke wrote: > >> I noticed that newsletters which I receive from large firms are typically >> sent from servers which have port 25 closed. >> >> Is it common practice to close port 25 on bulk sending servers? > > Yes, and not only for bulk sending servers. > >> Should we do this for Postfix servers which serve the same role? What's the >> advantage? > > It is quite common for inbound and outbound email to be handled by separate > systems. In environments using internal mail servers that aren't good at spam > exclusion and/or have a general pattern of chronic insecurity (e.g. Exchange) > it is not uncommon to have them sending outbound mail from behind a very > strict firewall and/or NAT with no listeners exposed to the world and to > receive via a more robust platform for dealing with mail from the Internet. > >> Maybe the MTAs that such senders use are so customised as to be capable of >> only sending, not receiving, mail? > > There's some of that for very large senders, but in the modern age of almost > everything being virtual, it is also just simpler to disperse essentially > independent functions onto independent systems, with each specifically > configured and scaled to their role. In DNS this has meant splitting > authoritative servers and resolvers. In email this has meant a more diverse > split, with public MXs, initial mail submission handlers, outbound queue > handlers, mailstore management & access, and internal distribution > potentially being autonomous systems. This can simplify the configuration of > each system and make securing them less challenging. >
