Re: Outgoing SMTP Servers

2011-11-03 Thread Bill Stewart
On Mon, Oct 31, 2011 at 6:23 AM, Brian Johnson wrote: > For clarity it's really bad for ISPs to block ports other than 25 for the > purposes of mail flow control... correct? Yes, correct. If you're using another mail submission port, you're connecting to a mail service that has the responsibilit

Re: Outgoing SMTP Servers

2011-11-01 Thread Carlos Martinez-Cagnazzo
The point to make here is: - if an ISP takes the path of blocking tcp/25, then they MUST communicate this appropriately to customers and other users - they also MUST provide alternatives: SMTP over SSL should be allowed (tcp/465), authenticated relay, but *something*. IMO blocking 25/tcp is a side

Re: Outgoing SMTP Servers

2011-10-31 Thread Jack Bates
On 10/31/2011 8:12 PM, Brian Johnson wrote: Sent from my iPad On Oct 31, 2011, at 1:30 PM, "Jack Bates" wrote: On 10/31/2011 11:48 AM, Michael Thomas wrote: I've often wondered the same thing as to what the resistance is to outbound filtering is. I can think of a few possibilities: 1) cos

RE: Outgoing SMTP Servers

2011-10-31 Thread Keith Medcalf
Dave CROCKER [mailto:d...@dcrocker.net] said on Sunday, 30 October, 2011 22:41 > On 10/30/2011 8:36 PM, Brian Johnson wrote: >> So you support filtering end-user outbound SMTP sessions as this is a >> means to prevent misuse of the Commons*. Correct? > If it is acceptable to have the receiving

Re: Outgoing SMTP Servers

2011-10-31 Thread Brian Johnson
Sent from my iPad On Oct 31, 2011, at 4:17 PM, "Robert Bonomi" > There is an at-least-somewhat-valid argument against outbound filtering. > to wit, various receiving systems may have different policies on what is/ > is-not 'acceptable' traffic. They have a better idea of what is acceptable

Re: Outgoing SMTP Servers

2011-10-31 Thread Brian Johnson
Sent from my iPad On Oct 31, 2011, at 1:30 PM, "Jack Bates" wrote: > > > On 10/31/2011 11:48 AM, Michael Thomas wrote: >> I've often wondered the same thing as to what the resistance is to outbound >> filtering is. I can think of a few possibilities: >> >> 1) cost of filtering >> 2) false p

Re: Outgoing SMTP Servers

2011-10-31 Thread Robert Bonomi
On: Mon, 31 Oct 2011 09:48:21 -0700, Michael Thomas opined: > > Dave CROCKER wrote: > > > > > > On 10/30/2011 8:36 PM, Brian Johnson wrote: > >> So you support filtering end-user outbound SMTP sessions as this is a > >> means to prevent misuse of the Commons*. Correct? > > > > > > If it is a

Re: Outgoing SMTP Servers

2011-10-31 Thread Jack Bates
On 10/31/2011 11:48 AM, Michael Thomas wrote: I've often wondered the same thing as to what the resistance is to outbound filtering is. I can think of a few possibilities: 1) cost of filtering 2) false positives 3) really _not_ wanting to know about abuse On the other hand, you have 1) cost

Re: Outgoing SMTP Servers

2011-10-31 Thread Michael Thomas
Dave CROCKER wrote: On 10/30/2011 8:36 PM, Brian Johnson wrote: So you support filtering end-user outbound SMTP sessions as this is a means to prevent misuse of the Commons*. Correct? If it is acceptable to have the receiving SMTP server at one end of a connection do filtering -- and it is

RE: Outgoing SMTP Servers

2011-10-31 Thread Brian Johnson
Bill, Responses in-line... >-Original Message- >From: Bill Stewart [mailto:nonobvi...@gmail.com] >Sent: Friday, October 28, 2011 6:22 PM >To: nanog@nanog.org >Cc: Brian Johnson >Subject: Re: Outgoing SMTP Servers > > >I've got a strong preference for IS

Re: Outgoing SMTP Servers

2011-10-30 Thread Dave CROCKER
On 10/30/2011 8:36 PM, Brian Johnson wrote: So you support filtering end-user outbound SMTP sessions as this is a means to prevent misuse of the Commons*. Correct? If it is acceptable to have the receiving SMTP server at one end of a connection do filtering -- and it is -- then why wouldn'

Re: Outgoing SMTP Servers

2011-10-30 Thread Brian Johnson
On Oct 30, 2011, at 2:19 PM, Dave CROCKER wrote: > > Email travels over shared resources. Spam consumes roughly %95 percent of > that shared path (comm lines and servers). Receiving operators must devote > masses of resources to filter that firehose of mostly junk, in order to get > every

Re: Outgoing SMTP Servers

2011-10-30 Thread William Herrin
On Sun, Oct 30, 2011 at 3:17 PM, Dave CROCKER wrote: > Your misunderstanding of physical pollution pollutes your understanding of > spam.  But it turns out that you seem to misunderstand spam quite a bit, > independently. Okay wise guy. Let's take another look at your version of email spam as pol

Re: Outgoing SMTP Servers

2011-10-30 Thread Dave CROCKER
Bill, Your misunderstanding of physical pollution pollutes your understanding of spam. But it turns out that you seem to misunderstand spam quite a bit, independently. On 10/27/2011 9:26 PM, William Herrin wrote: If you throw pollution into the air, it may eventually impact me or it may blo

Re: Outgoing SMTP Servers

2011-10-30 Thread Jay Ashworth
- Original Message - > From: "Valdis Kletnieks" > On Thu, 27 Oct 2011 18:17:22 -, Brian Johnson said: > > So... I'm in complete agreement with your statement, but The > > Wikipedia reference is not pertinent. > > So I point out the tragedy of the commons, you agree with it, but the

Re: Outgoing SMTP Servers

2011-10-28 Thread Brian Johnson
++1 - Brian Sent from my iPad On Oct 28, 2011, at 2:05 PM, "Mike Jones" wrote: > On 28 October 2011 16:41, wrote: >> You *do* realize that for all your nice "The Internet Is Not A Commons" >> ranting, the basic problem is that some people (we'll call them spammers) >> *do* >> think that (a

Re: Outgoing SMTP Servers

2011-10-28 Thread Brian Johnson
Sent from my iPad On Oct 28, 2011, at 2:56 PM, "Owen DeLong" wrote: > > > Sent from my iPhone > > On Oct 28, 2011, at 12:16, Brian Johnson wrote: > >> Owen, >> >> When you stretch an analogy this thin, it always falls apart. I was >> referring to the poison/pollution not the water/air.

Re: Outgoing SMTP Servers

2011-10-28 Thread Bill Stewart
There are several models for where the MTA lives in an ISP environment - MTA at customer, connects to destination via Port 25. - MUA at customer, MTA at ISP, connects to destination via Port 25. - MTA at customer, ISP transparently forces connection through ISP MTA, then connects to destination via

Re: Outgoing SMTP Servers

2011-10-28 Thread Owen DeLong
cuum... > right? > >> -Original Message- >> From: Owen DeLong [mailto:o...@delong.com] >> Sent: Friday, October 28, 2011 12:11 PM >> To: Brian Johnson >> Subject: Re: Outgoing SMTP Servers >> >>> >>>>> Nor is the data transiting these

Re: Outgoing SMTP Servers

2011-10-28 Thread Jay Ashworth
- Original Message - > From: "William Herrin" > Interesting. I want to abstract and restate what I think you just said > and ask you to correct my understanding: > > Making a service accessible to the public via the Internet implicitly > grants some basic permission to that public to mak

Re: Outgoing SMTP Servers

2011-10-28 Thread Mike Jones
On 28 October 2011 16:41, wrote: > You *do* realize that for all your nice "The Internet Is Not A Commons" > ranting, the basic problem is that some people (we'll call them spammers) *do* > think that (a) it's a commons (or at least the exact ownership of a given > chunk is irrelevant), and (b)

Re: Outgoing SMTP Servers

2011-10-28 Thread William Herrin
On Fri, Oct 28, 2011 at 11:41 AM, wrote: > On Thu, 27 Oct 2011 23:44:16 EDT, William Herrin said: >> For our purpose, describing the Internet as a commons fundamentally >> misunderstands its nature. > > You *do* realize that for all your nice "The Internet Is Not A Commons" > ranting, the basic

Re: Outgoing SMTP Servers

2011-10-28 Thread -Hammer-
Girls, You are all pretty. End the thread. Seriously. -Hammer- "I was a normal American nerd" -Jack Herer On 10/28/2011 01:59 PM, William Herrin wrote: On Fri, Oct 28, 2011 at 1:34 AM, Joel jaeggli wrote: Email as facility is a public good whether it constitutes a commons or not...

Re: Outgoing SMTP Servers

2011-10-28 Thread William Herrin
On Fri, Oct 28, 2011 at 1:34 AM, Joel jaeggli wrote: > Email as facility is a public good whether it constitutes a commons or > not... If wasn't you wouldn't bother putting up a server that would > accept unsolicited incoming connections on behalf of yourself and > others, doing so is generically

RE: Outgoing SMTP Servers

2011-10-28 Thread Brian Johnson
ilto:o...@delong.com] >Sent: Friday, October 28, 2011 12:11 PM >To: Brian Johnson >Subject: Re: Outgoing SMTP Servers > >> >>>> Nor is the data transiting these networks a commons. The air over my >>>> land is a commons. I don't control it. If I po

RE: Outgoing SMTP Servers

2011-10-28 Thread Brian Johnson
Comments in-line >-Original Message- >From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] >Sent: Friday, October 28, 2011 10:42 AM >To: William Herrin >Cc: nanog@nanog.org; Pete Carah >Subject: Re: Outgoing SMTP Servers > >On Thu, 27 Oct 2011 23:44:16

Re: Outgoing SMTP Servers

2011-10-28 Thread Valdis . Kletnieks
On Thu, 27 Oct 2011 23:44:16 EDT, William Herrin said: > For our purpose, describing the Internet as a commons fundamentally > misunderstands its nature. You *do* realize that for all your nice "The Internet Is Not A Commons" ranting, the basic problem is that some people (we'll call them spamme

RE: Outgoing SMTP Servers

2011-10-28 Thread McCall, Gabriel
going back to the merchant consortia of the middle ages. -Gabriel -Original Message- From: Pete Carah [mailto:p...@altadena.net] Sent: Thursday, October 27, 2011 9:29 PM To: nanog@nanog.org Subject: Re: Outgoing SMTP Servers Maybe he is concerned that the Wikipedia article gets into nit

Re: Outgoing SMTP Servers

2011-10-27 Thread Joel jaeggli
Email as facility is a public good whether it constitutes a commons or not... If wasn't you wouldn't bother putting up a server that would accept unsolicited incoming connections on behalf of yourself and others, doing so is generically non-rival and non-excludable although not perfectly so in eith

Re: Outgoing SMTP Servers

2011-10-27 Thread William Herrin
On Thu, Oct 27, 2011 at 11:59 PM, Dave CROCKER wrote: > On 10/28/2011 5:44 AM, William Herrin wrote: >> A commons is jointly owned, either by a non-trivial number of private >> owners or by all citizens of a government. > > The practical use of the term is a bit broader: >  

Re: Outgoing SMTP Servers

2011-10-27 Thread Dave CROCKER
On 10/28/2011 5:44 AM, William Herrin wrote: A commons is jointly owned, either by a non-trivial number of private owners or by all citizens of a government. The practical use of the term is a bit broader: As rule, the term gets applied to situatio

Re: Outgoing SMTP Servers

2011-10-27 Thread William Herrin
On Thu, Oct 27, 2011 at 9:29 PM, Pete Carah wrote: > On 10/27/2011 05:38 PM, valdis.kletni...@vt.edu wrote: >> On Thu, 27 Oct 2011 18:17:22 -, Brian Johnson said: >>> So... I'm in complete agreement with your statement, but The Wikipedia > reference is not pertinent. > > For our purpose, the o

Re: Outgoing SMTP Servers

2011-10-27 Thread Pete Carah
On 10/27/2011 05:38 PM, valdis.kletni...@vt.edu wrote: > On Thu, 27 Oct 2011 18:17:22 -, Brian Johnson said: >> So... I'm in complete agreement with your statement, but The Wikipedia reference is not pertinent. > > So I point out the tragedy of the commons, you agree with it, but the Wikipedia

Re: Outgoing SMTP Servers

2011-10-27 Thread Valdis . Kletnieks
On Thu, 27 Oct 2011 18:17:22 -, Brian Johnson said: > So... I'm in complete agreement with your statement, but The Wikipedia > reference is not pertinent. So I point out the tragedy of the commons, you agree with it, but the Wikipedia reference that talks about the same exact thing isn't pert

Re: Outgoing SMTP Servers

2011-10-27 Thread William Herrin
On Thu, Oct 27, 2011 at 1:50 PM, Robert Bonomi wrote: > On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: >> As a small regional provider, implementing a "sane" port 25 filter has >> saved us a lot of money and customer headaches over the years. >> >> It is interesting that some people who f

RE: Outgoing SMTP Servers

2011-10-27 Thread Brian Johnson
>-Original Message- >From: Robert Bonomi [mailto:bon...@mail.r-bonomi.com] >Sent: Thursday, October 27, 2011 12:50 PM >To: nanog@nanog.org >Subject: Re: Outgoing SMTP Servers > > >On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: > >> It is inter

RE: Outgoing SMTP Servers

2011-10-27 Thread Brian Johnson
>-Original Message- >From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu] >Sent: Thursday, October 27, 2011 10:24 AM >To: Brian Johnson >Cc: nanog@nanog.org >Subject: Re: Outgoing SMTP Servers > >On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: >

Re: Outgoing SMTP Servers

2011-10-27 Thread Robert Bonomi
On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: > It is interesting that some people who fully understand that the Internet is > composed of many networks run by people with different interests can say what > is best for the Internet as a whole. How my organization (or yours or anybody >

Re: Outgoing SMTP Servers

2011-10-27 Thread Valdis . Kletnieks
On Thu, 27 Oct 2011 13:53:34 -, Brian Johnson said: > It is interesting that some people who fully understand that the Internet is > composed of many networks run by people with different interests can say what > is best for the Internet as a whole. How my organization (or yours or anybody > e

RE: Outgoing SMTP Servers

2011-10-27 Thread Brian Johnson
--Original Message- >From: Owen DeLong [mailto:o...@delong.com] >Sent: Wednesday, October 26, 2011 11:42 PM >To: Scott Howard >Cc: nanog@nanog.org >Subject: Re: Outgoing SMTP Servers > > >On Oct 26, 2011, at 8:07 PM, Scott Howard wrote: > >> On Tue, Oct 25, 2

Re: Outgoing SMTP Servers

2011-10-27 Thread Bjørn Mork
Owen DeLong writes: > On Oct 26, 2011, at 8:07 PM, Scott Howard wrote: > >> As much as some ISPs still resist blocking port 25 for residential >> customers, it does have a major impact on the volume of spam leaving >> your network. I've worked with numerous ISPs as they have gone >> through the p

Re: Outgoing SMTP Servers

2011-10-27 Thread Bjørn Mork
Mark Andrews writes: > In message <4ea8a021.9000...@blakjak.net>, Mark Foster writes: > >> Why? It's a reasonable position; end users in the generic sense are >> sending to whatever their client has set up for SMTP, fire-and-forget. >> Again, I feel like folks are taking their relatively complic

Re: Outgoing SMTP Servers

2011-10-26 Thread Owen DeLong
On Oct 26, 2011, at 8:07 PM, Scott Howard wrote: > On Tue, Oct 25, 2011 at 2:49 AM, Owen DeLong wrote: > Interesting... Most people I know run the same policy on 25 and 587 these > days... > > to-local-domain, no auth needed. > relay, auth needed. > > auth required == TLS required. > > Anythi

Re: Outgoing SMTP Servers

2011-10-26 Thread Scott Howard
On Tue, Oct 25, 2011 at 2:49 AM, Owen DeLong wrote: > Interesting... Most people I know run the same policy on 25 and 587 these > days... > > to-local-domain, no auth needed. > relay, auth needed. > > auth required == TLS required. > > Anything else on either port seems not best practice to me. >

Re: Outgoing SMTP Servers

2011-10-26 Thread Jeff Kell
On 10/26/2011 10:57 PM, Scott Howard wrote: > On Tue, Oct 25, 2011 at 2:51 AM, Aftab Siddiqui > wrote: > >> Blocking port/25 is a common practice (!= best practice) for home >> users/consumers because it makes life a bit simpler in educating the end >> user. And it's not just 25. I'm on Charter,

Re: Outgoing SMTP Servers

2011-10-26 Thread Scott Howard
On Tue, Oct 25, 2011 at 2:51 AM, Aftab Siddiqui wrote: > Blocking port/25 is a common practice (!= best practice) for home > users/consumers because it makes life a bit simpler in educating the end > user. > MAAWG have considered this a best practice for residential/dynamic IPs since 2005 - http:

Re: Outgoing SMTP Servers

2011-10-26 Thread Jay Ashworth
- Original Message - > From: "Mark Andrews" > Now most people don't care about this but you shouldn't have to get > a business grade service just to have secure email sessions and if > you want to run a SMTP server to do that you are not changing the > amount of traffic going over the con

Re: Outgoing SMTP Servers

2011-10-26 Thread Mark Andrews
In message <4ea8a021.9000...@blakjak.net>, Mark Foster writes: > On 27/10/11 11:11, Mark Andrews wrote: > > In message , "Ricky Beam" writes: > >> On Tue, 25 Oct 2011 15:52:46 -0400, Alex Harrowell > > >> wrote:> > >>> Why do they do that? > >> You'd have to ask them. Or more accurately, you'

Re: Outgoing SMTP Servers

2011-10-26 Thread Mark Foster
On 27/10/11 11:11, Mark Andrews wrote: > In message , "Ricky Beam" writes: >> On Tue, 25 Oct 2011 15:52:46 -0400, Alex Harrowell >> wrote:> >>> Why do they do that? >> You'd have to ask them. Or more accurately, you'd need to ask their >> system integrator -- I've never seen an "in house" net

RE: Outgoing SMTP Servers

2011-10-26 Thread up
> On our retail footprint we block outbound traffic from customers with dynamic > IPs > towards port 25, our support tells them to use their ISP's port 587 server > That being said, since all of our home users have 50 mbit/sec or greater > upload > speeds we are pretty paranoid about the amou

Re: Outgoing SMTP Servers

2011-10-26 Thread Leigh Porter
On 26 Oct 2011, at 23:13, "Mark Andrews" wrote: > > In message , "Ricky Beam" writes: >> On Tue, 25 Oct 2011 15:52:46 -0400, Alex Harrowell >> wrote:> >>> Why do they do that? >> >> You'd have to ask them. Or more accurately, you'd need to ask their >> system integrator -- I've never s

Re: Outgoing SMTP Servers

2011-10-26 Thread Mark Andrews
In message , "Ricky Beam" writes: > On Tue, 25 Oct 2011 15:52:46 -0400, Alex Harrowell > wrote:> > > Why do they do that? > > You'd have to ask them. Or more accurately, you'd need to ask their > system integrator -- I've never seen an "in house" network run like that. > (and for the reco

RE: Outgoing SMTP Servers

2011-10-26 Thread John van Oppen
om: Owen DeLong [mailto:o...@delong.com] Sent: Monday, October 24, 2011 9:37 PM To: Dennis Burgess Cc: nanog@nanog.org Subject: Re: Outgoing SMTP Servers On Oct 24, 2011, at 9:29 PM, Dennis Burgess wrote: > I am curious about what network operators are doing with outbound SMTP > traffic. In

Re: Outgoing SMTP Servers

2011-10-26 Thread Ricky Beam
On Tue, 25 Oct 2011 15:52:46 -0400, Alex Harrowell wrote:> Why do they do that? You'd have to ask them. Or more accurately, you'd need to ask their system integrator -- I've never seen an "in house" network run like that. (and for the record, they were charging for that shitty network ac

Re: Outgoing SMTP Servers

2011-10-26 Thread Henry Yen
On Wed, Oct 26, 2011 at 19:24:23PM -0600, Owen DeLong wrote: > Firewalls are perfectly valid and I have no general objection to > filtering packets based on the policy set by a site. What I object to is > having someone I pay to move my packets tell me that they won't move > some of those packets b

Re: Outgoing SMTP Servers

2011-10-26 Thread Ray Soucy
We provide service to about 1,000 public schools and libraries in the state of Maine. For those users, we block SMTP (port 25 only) traffic unless it goes through our smarthost for incoming mail, and our mail-relay for outgoing mail. Otherwise we would be constantly ending up on blacklists, as ma

Re: Outgoing SMTP Servers

2011-10-26 Thread Leigh Porter
On 25 Oct 2011, at 09:34, "Tim" wrote: > This sadly is very common. It is getting more common by the day it seems but > this practice has started almost a decade ago. > > An easy work around is to use a custom port as they seem to just block port > 25 as a bad port but leave just about everythin

Re: Outgoing SMTP Servers

2011-10-26 Thread Owen DeLong
> > > > In a perfect world we would all have as many static globally routed IP > addresses as we want with nothing filtered, in the real world a > residential ISP who gives their customers globally routable IPv4 > addresses for each computer (ie. a CPE that supports multiple > computers without

Re: Outgoing SMTP Servers

2011-10-26 Thread Carlos Martinez-Cagnazzo
My point exactly, I am perfectly happy authenticating and relaying through either my MX at the office or with Google's SMTP server. But I just can't do that if SMTPoSSL ports are blocked by some lazy net admin. And I definitely hate it when I have to "pay" (in terms of delay and overhead) the pric

Re: Outgoing SMTP Servers

2011-10-25 Thread Mike Jones
On 26 October 2011 05:44, Owen DeLong wrote: > Mike recommends a tactic that leads to idiot hotel admins doing bad things. > You bet I'll criticize it for that. > > His mechanism breaks things anyway. I'll criticize it for that too. > Just to clarify, I was merely pointing out a possible argument

Re: Outgoing SMTP Servers

2011-10-25 Thread Robert Drake
On 10/25/2011 10:19 PM, Blake Hudson wrote: I didn't see anyone address this from the service provider abuse department perspective. I think larger ISP's got sick and tired of dealing with abuse reports or having their IP space blocked because of their own (infected) residential users sending out

Re: Outgoing SMTP Servers

2011-10-25 Thread Robert Drake
On 10/25/2011 11:17 AM, Owen DeLong wrote: But that applies to port 25 also, so, I'm not understanding the difference. Other people running open port 587s tends to be quite self-correcting. At this point, so do open port 25s. The differences is in intentions from the user. All SMTP server

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 25, 2011, at 9:33 PM, William Herrin wrote: > On Tue, Oct 25, 2011 at 8:15 PM, Owen DeLong wrote: >> On Oct 25, 2011, at 3:16 PM, William Herrin wrote: >>> If you're doing the "right" thing, sending email via encrypted, >>> authenticated mechanisms, then you're doing it TCP ports 587 or 4

Re: Outgoing SMTP Servers

2011-10-25 Thread William Herrin
On Tue, Oct 25, 2011 at 8:15 PM, Owen DeLong wrote: > On Oct 25, 2011, at 3:16 PM, William Herrin wrote: >> If you're doing the "right" thing, sending email via encrypted, >> authenticated mechanisms, then you're doing it TCP ports 587 or 443. >> Where Mike's mechanism obstructs you not at all. >>

Re: Outgoing SMTP Servers

2011-10-25 Thread Graham Beneke
On 26/10/2011 04:35, Blake Hudson wrote: > An infected machine can just as easily send out mail on port 587 as it > can using port 25. It's not hard for bot net herders to come up with a > list of valid credentials stolen from email clients, via key loggers, or > simply guessed through probability

Re: Outgoing SMTP Servers

2011-10-25 Thread Graham Beneke
On 25/10/2011 23:03, Mike Jones wrote: > On 25 October 2011 20:52, Alex Harrowell wrote: >> Ricky Beam wrote: >> >>> Works perfectly even in networks where a VPN doesn't and the idiot >>> hotel >>> intercepts port 25 (not blocks, redirects to *their* server.) >>> >>> --Ricky >> >> Why do they do

Re: Outgoing SMTP Servers

2011-10-25 Thread Blake Hudson
J wrote the following on 10/25/2011 9:25 PM: Blake Hudson wrote: If 587 becomes popular, spammers will move on and the same ISPs that blocked 25 will follow suit. I don't see this happening as easily. Authenticated means an easier shutdown of an account, rather than some form of port block/e

Re: Outgoing SMTP Servers

2011-10-25 Thread J
Blake Hudson wrote: > If > 587 becomes popular, spammers will move on and the same ISPs that > blocked 25 will follow suit. I don't see this happening as easily. Authenticated means an easier shutdown of an account, rather than some form of port block/etc. > A better solution would have been to

Re: Outgoing SMTP Servers

2011-10-25 Thread Blake Hudson
I didn't see anyone address this from the service provider abuse department perspective. I think larger ISP's got sick and tired of dealing with abuse reports or having their IP space blocked because of their own (infected) residential users sending out spam. The solution for them was to block

Re: Outgoing SMTP Servers

2011-10-25 Thread Jeroen van Aart
Owen DeLong wrote: It's both unacceptable in my opinion and common. There are even those misguided souls that will tell you it is best practice, though general agreement, even among them seems to be that only 25/tcp should be blocked and that 465 and 587 should not be blocked. From my consumer

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 25, 2011, at 3:16 PM, William Herrin wrote: > On Tue, Oct 25, 2011 at 5:56 PM, Owen DeLong wrote: >> Put another way, your mechanism rewards those >> doing the wrong thing while punishing those of us >> sending our email via encrypted and authenticated >> mechanisms. > > Owen, > > If yo

Re: Outgoing SMTP Servers

2011-10-25 Thread Douglas Otis
On 10/25/11 12:31 PM, Ricky Beam wrote: On Tue, 25 Oct 2011 12:55:58 -0400, Owen DeLong wrote: > Wouldn't the right place for that form of rejection to occur be at > the mail server in question? In a perfect world, yes. When you find a perfect world, send us an invite. > I reject lots

Re: Outgoing SMTP Servers

2011-10-25 Thread William Herrin
On Tue, Oct 25, 2011 at 5:56 PM, Owen DeLong wrote: > Put another way, your mechanism rewards those >doing the wrong thing while punishing those of us >sending our email via encrypted and authenticated >mechanisms. Owen, If you're doing the "right" thing, sending email via encrypted, authenticat

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
No no no no no. The problem with your theory below is that: 1. It is by far best for users to authenticate to send mail. 2. Your "solution" works only for unencrypted unauthenticated users that ignore the certificate presented by the mail server. Put another way, your mechanism rewards thos

Re: Outgoing SMTP Servers

2011-10-25 Thread Mike Jones
On 25 October 2011 20:52, Alex Harrowell wrote: > Ricky Beam wrote: > >>Works perfectly even in networks where a VPN doesn't and the idiot >>hotel >>intercepts port 25 (not blocks, redirects to *their* server.) >> >>--Ricky > > Why do they do that? > My home ISP run an open relay on port 25 with

Re: Outgoing SMTP Servers

2011-10-25 Thread Robert Bonomi
> From nanog-bounces+bonomi=mail.r-bonomi@nanog.org Tue Oct 25 14:53:32 > 2011 > Subject: Re: Outgoing SMTP Servers > From: Alex Harrowell > Date: Tue, 25 Oct 2011 20:52:46 +0100 > To: Ricky Beam , Jeroen Massar > Cc: nanog@nanog.org > > Ricky Beam wrote: &

Re: Outgoing SMTP Servers

2011-10-25 Thread Alex Harrowell
Ricky Beam wrote: >Works perfectly even in networks where a VPN doesn't and the idiot >hotel >intercepts port 25 (not blocks, redirects to *their* server.) > >--Ricky Why do they do that? -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Re: Outgoing SMTP Servers

2011-10-25 Thread Ricky Beam
On Tue, 25 Oct 2011 07:15:00 -0400, Jeroen Massar wrote: On that iToy of yours it is just a flick of a switch, presto. Where "flick of a switch" is actually several steps... Settings -> Network -> VPN... there's your switch. Wait for it to connect Go back to mail, refresh... And one's V

Re: Outgoing SMTP Servers

2011-10-25 Thread Ricky Beam
On Tue, 25 Oct 2011 12:55:58 -0400, Owen DeLong wrote: Wouldn't the right place for that form of rejection to occur be at the mail server in question? In a perfect world, yes. When you find a perfect world, send us an invite. I reject lots of residential connections... The real issue here

Re: Outgoing SMTP Servers

2011-10-25 Thread Brian Dickson
Owen wrote: >On Oct 25, 2011, at 3:29 AM, wrote: > >> On Tue, 25 Oct 2011 02:35:31 PDT, Owen DeLong said: >> >>> If they are using someone else's mail server for outbound, how, exactly do >>> you control >>> whether or not they use AUTH in the process? >> >> 1) You don't even really *care* if th

RE: Outgoing SMTP Servers

2011-10-25 Thread Matt McBride
[mailto:o...@delong.com] Sent: Tuesday, October 25, 2011 10:56 AM To: William Herrin Cc: nanog@nanog.org Subject: Re: Outgoing SMTP Servers On Oct 25, 2011, at 8:46 AM, William Herrin wrote: > On Tue, Oct 25, 2011 at 5:49 AM, Owen DeLong wrote: >> On Oct 24, 2011, at 11:13 PM, William Her

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 25, 2011, at 8:46 AM, William Herrin wrote: > On Tue, Oct 25, 2011 at 5:49 AM, Owen DeLong wrote: >> On Oct 24, 2011, at 11:13 PM, William Herrin wrote: >>> Blocking outbound TCP SYN packets on port 25 from non-servers is >>> considered a BEST PRACTICE to avoid being the source of snowsho

Re: Outgoing SMTP Servers

2011-10-25 Thread Randy Bush
> I'm curious how a traveller is supposed to get SMTP relay service > when, well, travelling. I am not really sure if I want a VPN for > sending a simple email. vpn i use openvpn when roaming, i am often on poorly protected wireless. i openvpn to home randy

Re: Outgoing SMTP Servers

2011-10-25 Thread David E. Smith
On Tue, Oct 25, 2011 at 10:57, Dennis Burgess wrote: > > [dmb] This is the exact question, why, do you NEED a SMTP Relay on ANY > network. Your domain has a mail server out on the net that if you > authenticate to, I am sure will relay your mail, and the reverse DNS and SPF > records would match

RE: Outgoing SMTP Servers

2011-10-25 Thread Dennis Burgess
> > I'm curious how a traveller is supposed to get SMTP relay service when, well, > travelling. I am not really sure if I want a VPN for sending a simple email. > > And I can understand (although I am not convinced that doing so is such a > great idea) blocking 25/tcp outgoing, as most botnets w

Re: Outgoing SMTP Servers

2011-10-25 Thread William Herrin
On Tue, Oct 25, 2011 at 5:49 AM, Owen DeLong wrote: > On Oct 24, 2011, at 11:13 PM, William Herrin wrote: >> Blocking outbound TCP SYN packets on port 25 from non-servers is >> considered a BEST PRACTICE to avoid being the source of snowshoe and >> botnet spam. Blocking it from legitimate mail ser

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 25, 2011, at 4:15 AM, Jeroen Massar wrote: > On 2011-10-25 12:20 , Owen DeLong wrote: >> >> On Oct 25, 2011, at 3:04 AM, Jeroen Massar wrote: >> >>> On 2011-10-25 11:49 , Owen DeLong wrote: >>> [..] With this combination, I have not encountered a hotel, airport lounge, or other

Re: Outgoing SMTP Servers

2011-10-25 Thread Carlos Martinez-Cagnazzo
I'm curious how a traveller is supposed to get SMTP relay service when, well, travelling. I am not really sure if I want a VPN for sending a simple email. And I can understand (although I am not convinced that doing so is such a great idea) blocking 25/tcp outgoing, as most botnets will try that m

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 25, 2011, at 3:29 AM, wrote: > On Tue, 25 Oct 2011 02:35:31 PDT, Owen DeLong said: > >> If they are using someone else's mail server for outbound, how, exactly do >> you control >> whether or not they use AUTH in the process? > > 1) You don't even really *care* if they do or not, becau

Re: Outgoing SMTP Servers

2011-10-25 Thread Bjørn Mork
Owen DeLong writes: > It's both unacceptable in my opinion and common. There are even those > misguided souls that will tell you it is best practice, though general > agreement, > even among them seems to be that only 25/tcp should be blocked and that > 465 and 587 should not be blocked. It is

Re: Outgoing SMTP Servers

2011-10-25 Thread Jeroen Massar
On 2011-10-25 12:20 , Owen DeLong wrote: > > On Oct 25, 2011, at 3:04 AM, Jeroen Massar wrote: > >> On 2011-10-25 11:49 , Owen DeLong wrote: >> [..] >>> With this combination, I have not encountered a hotel, airport lounge, or >>> other poorly run environment from which I cannot send mail through

Re: Outgoing SMTP Servers

2011-10-25 Thread Valdis . Kletnieks
On Tue, 25 Oct 2011 02:35:31 PDT, Owen DeLong said: > If they are using someone else's mail server for outbound, how, exactly do > you control > whether or not they use AUTH in the process? 1) You don't even really *care* if they do or not, because... 2) if some other site is running with an un

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 25, 2011, at 3:04 AM, Jeroen Massar wrote: > On 2011-10-25 11:49 , Owen DeLong wrote: > [..] >> With this combination, I have not encountered a hotel, airport lounge, or >> other poorly run environment from which I cannot send mail through my >> home server from my laptop/ipad/iphone/etc.

Re: Outgoing SMTP Servers

2011-10-25 Thread Jeroen Massar
On 2011-10-25 11:49 , Owen DeLong wrote: [..] > With this combination, I have not encountered a hotel, airport lounge, or > other poorly run environment from which I cannot send mail through my > home server from my laptop/ipad/iphone/etc. Ever heard of this magical thing called a VPN? :) Indeed,

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 24, 2011, at 11:13 PM, William Herrin wrote: > On Tue, Oct 25, 2011 at 12:29 AM, Dennis Burgess > wrote: >> I am curious about what network operators are doing with outbound SMTP >> traffic. In the past few weeks we have run into over 10 providers, >> mostly local providers, which block

Re: Outgoing SMTP Servers

2011-10-25 Thread Aftab Siddiqui
Blocking port/25 is a common practice (!= best practice) for home users/consumers because it makes life a bit simpler in educating the end user. ripe-409 gives some what glimpse of best-practice, not sure how many implements it that way. Regards, Aftab A. Siddiqui On Tue, Oct 25, 2011 at 2:35

Re: Outgoing SMTP Servers

2011-10-25 Thread Owen DeLong
On Oct 24, 2011, at 10:27 PM, Mikael Abrahamsson wrote: > On Mon, 24 Oct 2011, Dennis Burgess wrote: > >> I am curious about what network operators are doing with outbound SMTP >> traffic. > > Block all TCP/25 and require users to use submit with authentication on > TCP/587. > If they are us

Re: Outgoing SMTP Servers

2011-10-25 Thread Dave CROCKER
On 10/25/2011 8:13 AM, William Herrin wrote: Blocking outbound TCP SYN packets on port 25 from non-servers is considered a BEST PRACTICE ... The SMTP submission port (TCP 587) is authenticated and should generally not be blocked. Email Submission Operations: Access and Accountability Req

RE: Outgoing SMTP Servers

2011-10-25 Thread Tim
This sadly is very common. It is getting more common by the day it seems but this practice has started almost a decade ago. An easy work around is to use a custom port as they seem to just block port 25 as a bad port but leave just about everything else open including 2525 which seems to be a comm

Re: Outgoing SMTP Servers

2011-10-24 Thread William Herrin
On Tue, Oct 25, 2011 at 12:29 AM, Dennis Burgess wrote: > I am curious about what network operators are doing with outbound SMTP > traffic. In the past few weeks we have run into over 10 providers, > mostly local providers, which block outbound SMTP and require the users > to go THROUGH their mail
