RE: ingress SMTP

2008-09-13 Thread Frank Bulk
39 PM To: Frank Bulk Cc: Matthew Moyle-Croft; nanog@nanog.org Subject: Re: ingress SMTP On Sat, Sep 13, 2008 at 11:38 PM, Frank Bulk <[EMAIL PROTECTED]> wrote: > How do you alert mail server operators who are smarthosting their e-mail > through you that their outbound messages contain sp

Re: ingress SMTP

2008-09-13 Thread Matthew Moyle-Croft
*Hobbit* wrote: > How do you alert mail server operators who are smarthosting their > e-mail through you that their outbound messages contain spam? You don't let them falsify their envelope or headers to contain fields utterly unrelated to your own infrastructure, for starters. They try it

Re: ingress SMTP

2008-09-13 Thread *Hobbit*
> How do you alert mail server operators who are smarthosting their > e-mail through you that their outbound messages contain spam? You don't let them falsify their envelope or headers to contain fields utterly unrelated to your own infrastructure, for starters. They try it, their mail bounc

Re: ingress SMTP

2008-09-13 Thread Suresh Ramasubramanian
On Sat, Sep 13, 2008 at 11:38 PM, Frank Bulk <[EMAIL PROTECTED]> wrote: > How do you alert mail server operators who are smarthosting their e-mail > through you that their outbound messages contain spam? > > Frank If those are actual mailservers smarthosting and getting MX from you then you doubtl

Re: ingress SMTP

2008-09-13 Thread Matthew Moyle-Croft
things like the Australian Systems Administrator's Guild etc) MMC Frank -Original Message- From: Matthew Moyle-Croft [mailto:[EMAIL PROTECTED] Sent: Saturday, September 13, 2008 12:41 AM To: Bill Stewart Cc: nanog@nanog.org Subject: Re: ingress SMTP Hi Bill, Bill Stewart wrote:

RE: ingress SMTP

2008-09-13 Thread Frank Bulk
Subject: Re: ingress SMTP Hi Bill, Bill Stewart wrote: > In some sense, anything positive you can accomplish by blocking Port 25 > you can also accomplish by leaving the port open and advertising the IP > address > on one of the dynamic / home broadband / etc. block lists, > which le

Re: ingress SMTP

2008-09-12 Thread Matthew Moyle-Croft
Hi Bill, Bill Stewart wrote: In some sense, anything positive you can accomplish by blocking Port 25 you can also accomplish by leaving the port open and advertising the IP address on one of the dynamic / home broadband / etc. block lists, which leaves recipients free to whitelist or blacklist yo

Re: ingress SMTP

2008-09-12 Thread Mark Foster
Blocking port 25 has become popular, not only with walled-garden connectivity services that are really scared of their customers running their own servers (e.g. most cable modem companies), but also with other ISPs that don't want to deal with the problems of having customers who are spamming (w

Re: ingress SMTP

2008-09-12 Thread Bill Stewart
Hi, Hobbit - we met back in the late 80s / early 90s at various New Jersey things such as Trenton Computer Fair, but you probably don't remember me; Tigger says hi as well... "Be Liberal in what you accept, be conservative in what you send, and be really really clear in your error messages, except

Re: ingress SMTP

2008-09-11 Thread Robert E. Seastrom
Joel Jaeggli <[EMAIL PROTECTED]> writes: >> Does anyone bother to run an MSA on 587 and *not* require authentication? > > All my normal relay or lack thereof and delivery rules are in place on > my 587 port. Of course muas's and mtas will also do tls as well as > authentication over port 25 where

Re: ingress SMTP

2008-09-10 Thread Joel Jaeggli
Jay R. Ashworth wrote: > On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote: >> On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote: >>> You're forgetting that 587 *is authenticated, always*. >> I'm not sure how that makes much of a difference since the usual spam >> vector is malware t

Re: ingress SMTP

2008-09-10 Thread *Hobbit*
I am completely convinced that abuse@ in most big providers is a black hole with an autoresponder hung off it, and nothing ever gets done with complaints. NO HUMAN ever sees them, and even if they did, most of the humans at these outfits wouldn't recognize a Received: header if it bit them in the

Re: ingress SMTP

2008-09-10 Thread Robert E. Seastrom
Mark Foster <[EMAIL PROTECTED]> writes: > On Fri, 5 Sep 2008, Mikael Abrahamsson wrote: >> >> We don't allow most of our residential customer base to speak SMTP >> TCP/25 to anywhere at all (and we have millions of them). Wish more >> ISPs would do the same. >> > > Probably fair enough, if you as

Re: ingress SMTP

2008-09-07 Thread Edward B. DREGER
JS> Date: Wed, 03 Sep 2008 11:56:51 -0400 JS> From: Justin Scott JS> Have you ever tried to have Joe Sixpack call BigISP support to ask JS> for an exception to a port block on his consumer-class connection JS> with a dynamic IP? In my experience, most people capable of preventing outbound 25/TCP

Re: ingress SMTP

2008-09-07 Thread Michael Thomas
[EMAIL PROTECTED] wrote: - Original Message - From: Michael Thomas <[EMAIL PROTECTED]> Date: Monday, September 8, 2008 7:31 am Subject: Re: ingress SMTP Would that it were so easy :) You also have the more daunting task of hooking up your auth/aaa infrastructure with your MTA&

Re: ingress SMTP

2008-09-07 Thread matthew
- Original Message - From: Michael Thomas <[EMAIL PROTECTED]> Date: Monday, September 8, 2008 7:31 am Subject: Re: ingress SMTP > > Would that it were so easy :) You also have the more daunting task > of hooking up your auth/aaa infrastructure with your MTA's, and a

Re: ingress SMTP

2008-09-07 Thread Winders, Timothy A
On 9/7/08 4:51 PM, "Eugeniu Patrascu" <[EMAIL PROTECTED]> wrote: > > On Sep 8, 2008, at 12:31 AM, Michael Thomas wrote: > >> Eugeniu Patrascu wrote: >>> >>> On Sep 3, 2008, at 8:08 PM, Winders, Timothy A wrote: >>> Yes, setting up a 587 submit server internally would be best, but >>

Re: ingress SMTP

2008-09-07 Thread Eugeniu Patrascu
On Sep 8, 2008, at 12:31 AM, Michael Thomas wrote: Eugeniu Patrascu wrote: On Sep 3, 2008, at 8:08 PM, Winders, Timothy A wrote: Yes, setting up a 587 submit server internally would be best, but man power is at a premium and it hasn't happened. I don't know what SMTP server you're us

Re: ingress SMTP

2008-09-07 Thread Truman Boyes
On 7/09/2008, at 5:31 PM, Michael Thomas wrote: Eugeniu Patrascu wrote: On Sep 3, 2008, at 8:08 PM, Winders, Timothy A wrote: Yes, setting up a 587 submit server internally would be best, but man power is at a premium and it hasn't happened. I don't know what SMTP server you're using,

Re: ingress SMTP

2008-09-07 Thread Michael Thomas
Eugeniu Patrascu wrote: On Sep 3, 2008, at 8:08 PM, Winders, Timothy A wrote: Yes, setting up a 587 submit server internally would be best, but man power is at a premium and it hasn't happened. I don't know what SMTP server you're using, but on Postfix you just need to uncomment one lin

Re: ingress SMTP

2008-09-07 Thread Eugeniu Patrascu
On Sep 3, 2008, at 8:08 PM, Winders, Timothy A wrote: Yes, setting up a 587 submit server internally would be best, but man power is at a premium and it hasn't happened. I don't know what SMTP server you're using, but on Postfix you just need to uncomment one line in master.cf, do a re

Re: ingress SMTP

2008-09-07 Thread Eugeniu Patrascu
On Sep 3, 2008, at 6:52 PM, Tim Sanderson wrote: Anybody not wanting to use their ISP email would notice it. I see filtering 25 FROM the customer as something that is not likely to happen because of this. When a customer buys bandwidth, they want to be able to use it for whatever they choo

RE: SMTP rate-limits [Was: Re: ingress SMTP]

2008-09-06 Thread Frank Bulk
sions from a certain IP to identify their upstream bandwidth). Frank -Original Message- From: Michael Thomas [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2008 9:46 AM To: Paul Ferguson Cc: nanog@nanog.org Subject: Re: SMTP rate-limits [Was: Re: ingress SMTP] I thought that thes

Re: ingress SMTP

2008-09-05 Thread Jeff Kinz
On Fri, Sep 05, 2008 at 10:35:15AM +0200, Mikael Abrahamsson wrote: > On Fri, 5 Sep 2008, Simon Waters wrote: > > >If the ISP blocks port 25, then the ISP is taking responsibility for > >delivering all email sent by a user, and they have to start applying rate > >limits. > > MUAs should stop send

Re: SMTP rate-limits [Was: Re: ingress SMTP]

2008-09-05 Thread Tony Finch
On Fri, 5 Sep 2008, Michael Thomas wrote: > > I thought that these bot nets were so massive that it is pretty > easy for them to fly under the radar for quotas, rate limiting, etc. > Not that all bot nets are created equal, and there aren't local hot > spots for whatever reason, but putting on the

Re: SMTP rate-limits [Was: Re: ingress SMTP]

2008-09-05 Thread Michael Thomas
Paul Ferguson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Simon Waters <[EMAIL PROTECTED]> wrote: If the ISP blocks port 25, then the ISP is taking responsibility for delivering all email sent by a user, and they have to start applying rate limits. Otherwise if they send

Re: ingress SMTP

2008-09-05 Thread Mark Foster
On Fri, 5 Sep 2008, Mikael Abrahamsson wrote: On Fri, 5 Sep 2008, Simon Waters wrote: If the ISP blocks port 25, then the ISP is taking responsibility for delivering all email sent by a user, and they have to start applying rate limits. MUAs should stop sending email via 25 and use 587 or

SMTP rate-limits [Was: Re: ingress SMTP]

2008-09-05 Thread Paul Ferguson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Simon Waters <[EMAIL PROTECTED]> wrote: >If the ISP blocks port 25, then the ISP is taking responsibility for delivering all email sent by a user, and they have to start applying rate limits. Otherwise if they send all email from their users, a

Re: ingress SMTP

2008-09-05 Thread Mikael Abrahamsson
On Fri, 5 Sep 2008, Simon Waters wrote: If the ISP blocks port 25, then the ISP is taking responsibility for delivering all email sent by a user, and they have to start applying rate limits. MUAs should stop sending email via 25 and use 587 or equivalent instead. There is little actual reason

Re: ingress SMTP

2008-09-05 Thread Simon Waters
On Friday 05 September 2008 00:33:54 Mark Foster wrote: > > *rest snipped* > > Is the above described limitation a common occurrence in the > world-at-large? If the ISP blocks port 25, then the ISP is taking responsibility for delivering all email sent by a user, and they have to start applying r

Re: ingress SMTP

2008-09-04 Thread Jeff Kinz
On Fri, Sep 05, 2008 at 11:33:54AM +1200, Mark Foster wrote: > Summary: Perceived limit of 200 email addresses delivered to per day > *rest snipped* > > Is the above described limitation a common occurrence in the world-at-large? > > I've not heard of ISPs doing number-of-recipients-per-day lim

Re: ingress SMTP

2008-09-04 Thread Mark Foster
> On Thu, Sep 04, 2008 at 02:01:48PM +1200, Mark Foster wrote: >> So in terms of the OP, >> I don't see why joe-user on a dynamic-IP home connection should need the >> ability to use port 25 to talk to anywhere but their local ISP SMTP >> server >> on a normal basis[1]. > > What's a normal basis? >

Re: ingress SMTP

2008-09-04 Thread Jeff Kinz
On Thu, Sep 04, 2008 at 02:01:48PM +1200, Mark Foster wrote: > So in terms of the OP, > I don't see why joe-user on a dynamic-IP home connection should need the > ability to use port 25 to talk to anywhere but their local ISP SMTP server > on a normal basis[1]. What's a normal basis? My Home ISP

Re: ingress SMTP

2008-09-04 Thread Alec Berry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Andrews wrote: >> You do realise that there a mail clients that check MX >> records *before* submitting email (or before on sending the >> email) so that typos get detected in the client before any >> email is sent from the cl

Re: ingress SMTP

2008-09-04 Thread David Champion
> > Well, that depends on MUA design, of course, but it's just been pointed > > out to me that the RFC says MAY, not MUST. (That was me.) > Note that there are TWO relevant RFCs: RFC 4409 and RFC 5068. The latter > says: > > 3.1. Best Practices for Submission Operation Thanks, Tony. I hadn't

Re: ingress SMTP

2008-09-04 Thread Mark Andrews
In article <[EMAIL PROTECTED]> you write: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA1 > >Robert Bonomi wrote: > >> One small data-point -- on a personal vanity domain, approximately 2/3 of >> all the spam (circa 15k junk emails/month) was 'direct to inbound MX' >> transmissions. The vast maj

Re: ingress SMTP

2008-09-04 Thread Alec Berry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert Bonomi wrote: > One small data-point -- on a personal vanity domain, approximately 2/3 of > all the spam (circa 15k junk emails/month) was 'direct to inbound MX' > transmissions. The vast majority of this is coming from end-user machines >

Re: ingress SMTP

2008-09-04 Thread Tony Finch
On Wed, 3 Sep 2008, Keith Medcalf wrote: > > Why would the requirements for authentication be different depending on > the port used to connect to the MTA? It's easier to configure the MTA if you make a distinction between server-to-server traffic and client-to-server traffic. In fact my systems d

Re: ingress SMTP

2008-09-04 Thread Tony Finch
On Thu, 4 Sep 2008, Jean-François Mezei wrote: > > Consider an employee of chocolate.com working from home. He connects to > Chocolate.com's SMTP server to send mail, but his ISP intercepts the > connection and routes the email via its own. The email will then be sent > by the ISP's SMTP server. A

Re: ingress SMTP

2008-09-04 Thread Tony Finch
On Wed, 3 Sep 2008, Jay R. Ashworth wrote: > > Well, that depends on MUA design, of course, but it's just been pointed > out to me that the RFC says MAY, not MUST. Note that there are TWO relevant RFCs: RFC 4409 and RFC 5068. The latter says: 3.1. Best Practices for Submission Operation Subm

Re: ingress SMTP

2008-09-04 Thread Jean-François Mezei
re: intercepting port 25 calls and routing them to the ISP's own SMTP server. Consider an employee of chocolate.com working from home. He connects to Chocolate.com's SMTP server to send mail, but his ISP intercepts the connection and routes the email via its own. The email will then be sent by th

RE: ingress SMTP

2008-09-03 Thread Frank Bulk
g port 587 is not the silver bullet, but it buys you a little bit. Frank -Original Message- From: Keith Medcalf [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2008 7:34 PM To: nanog@nanog.org Subject: ingress SMTP > On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrot

RE: Why not go after bots? (was: ingress SMTP)

2008-09-03 Thread Frank Bulk
ssage- From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2008 10:09 PM To: Michael Thomas Cc: nanog@nanog.org Subject: Re: Why not go after bots? (was: ingress SMTP) On Wed, Sep 3, 2008 at 5:12 AM, Michael Thomas <[EMAIL PROTECTED]> wrote: > That s

Re: ingress SMTP

2008-09-03 Thread Ang Kah Yik
Nah. There have been plenty. This just happened to be one of the recent ones. But as you've rightly pointed out, the dead horse magically revives itself every once in a while ;) On Thu, Sep 4, 2008 at 10:51 AM, Suresh Ramasubramanian <[EMAIL PROTECTED] > wrote: > you just found one? i think a fe

Re: Why not go after bots? (was: ingress SMTP)

2008-09-03 Thread Suresh Ramasubramanian
On Wed, Sep 3, 2008 at 5:12 AM, Michael Thomas <[EMAIL PROTECTED]> wrote: > That seems to be the conventional wisdom, but the science experiment > as it were in blocking port 25 doesn't seem to be correlated (much > less causated) with any drop in the spam rate. Because so far as I've > heard there i

Re: ingress SMTP

2008-09-03 Thread Suresh Ramasubramanian
you just found one? i think a few dozen over the last several years. surprised though, i thought this particular horse was finally dead after all the beatings it'd received. srs On Thu, Sep 4, 2008 at 8:13 AM, Ang Kah Yik <[EMAIL PROTECTED]> wrote: > Hmm.. if it helps - here's a link to an arch

ingress SMTP

2008-09-03 Thread Ang Kah Yik
Hmm.. if it helps - here's a link to an archived discussion on the same issue earlier this year. http://www.mail-archive.com/[EMAIL PROTECTED]/msg52598.html -- Ang Kah Yik (bangky) -- http://blog.bangky.net

RE: ingress SMTP

2008-09-03 Thread Justin D. Scott
> iiNet a reasonably sized Aussie ISP has a web page > (specifically part of the 'My Account' page) where > you can, with a simple check box, choose to have > commonly abused ports blocked *for outgoing > connections* or not. That's great, and an excellent solution. Unfortunately many of the larg

BCP blocking list for edge networks? (was: ingress SMTP)

2008-09-03 Thread Jay R. Ashworth
Ok, mine is actually even edgier than that; no transit at all, to paraphrase Steely Dan. But does anyone have a pointer to a good set of ports to block in each direction through my Shorewall DNAT setup, preferably annotated? On reflection, that's actually only outbound; the necessity to set up in

Re: ingress SMTP

2008-09-03 Thread Mark Foster
> >> On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote: >> > On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote: > >> > >You're forgetting that 587 *is authenticated, always*. > >> > I'm not sure how that makes much of a difference since the >> > usual spam vector is malware that has (a

ingress SMTP

2008-09-03 Thread Keith Medcalf
> On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote: > > On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote: > > >You're forgetting that 587 *is authenticated, always*. > > I'm not sure how that makes much of a difference since the > > usual spam vector is malware that has (almost) c

Why not go after bots? (was: ingress SMTP)

2008-09-03 Thread Michael Thomas
Charles Wyble wrote: I have SBC / AT&T / Yahoo DSL in Southern California and they block outbound 25 to anything but Yahoo SMTP server farm, and they only allow SSL connectivity at that. I'm all for that personally. That seems to be the conventional wisdom, but the science experiment as it wer

Re: ingress SMTP

2008-09-03 Thread matthew
- Original Message - From: "Jay R. Ashworth" <[EMAIL PROTECTED]> Date: Thursday, September 4, 2008 5:00 am Subject: Re: ingress SMTP > > Does anyone bother to run an MSA on 587 and *not* require > authentication? Many can be configured that way (example: Su

Re: ingress SMTP

2008-09-03 Thread matthew
Justin Scott said: > > Your comment about "exceptions for customers that prove they know how to > lock down" is not based in reality, frankly. Have you ever tried to > have Joe Sixpack call BigISP support to ask for an exception to a port > block on his consumer-class connection with a dynamic I

Re: ingress SMTP

2008-09-03 Thread Daniel Senie
At 12:48 PM 9/3/2008, you wrote: Do you operate your mailserver on a residential cablemodem or adsl rather than a business account? No, we co-lo equipment at a professional facility that our customers on any type of connection need to have access to send mail through, regardless of whether t

Re: ingress SMTP

2008-09-03 Thread Chris Boyd
On Sep 3, 2008, at 4:36 PM, Frank Bulk wrote: I would like to point my customers to port 587, but that kind of configuration is still in its infancy. We're a small managed services provider, and we started doing authenticated SMTP with TLS on port 587 six years ago. It's at least in kind

Re: ingress SMTP

2008-09-03 Thread Robert Bonomi
> From [EMAIL PROTECTED] Wed Sep 3 11:58:37 2008 > From: Alec Berry <[EMAIL PROTECTED]> > Subject: Re: ingress SMTP > > Michael Thomas wrote: > > I think this all vastly underrates the agility of the bad guys. So > > lots of ISP's have blocked port 25. Has

RE: ingress SMTP

2008-09-03 Thread Frank Bulk
-mail server via SSL." Frank -Original Message- From: Jay R. Ashworth [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2008 11:07 AM To: nanog@nanog.org Subject: Re: ingress SMTP On Wed, Sep 03, 2008 at 11:52:48AM -0400, Tim Sanderson wrote: > Anybody not wanting to use th

RE: ingress SMTP

2008-09-03 Thread Frank Bulk
: Wednesday, September 03, 2008 10:57 AM To: nanog@nanog.org Subject: Re: ingress SMTP > What is preventing this from being an operational no-brainer, > including making a few exceptions for customers that prove they know > how to lock down their own mail infrastructure? As a small p

Re: ingress SMTP

2008-09-03 Thread Charles Wyble
*Hobbit* wrote: What I'm trying to get a feel for is this: what proportion of edge customers have a genuine NEED to send direct SMTP traffic to TCP 25 at arbitrary destinations? Probably very few. The big providers -- comcast, verizon, RR, charter, bellsouth, etc -- seem to be some of the mo

Re: ingress SMTP

2008-09-03 Thread Valdis . Kletnieks
On Wed, 03 Sep 2008 15:00:15 EDT, "Jay R. Ashworth" said: > Does anyone bother to run an MSA on 587 and *not* require authentication? Presumably only sites that don't care if they end up in half the anti-spam blacklists on the planet. Based on the evidence I have, there's a depressingly large nu

Re: ingress SMTP

2008-09-03 Thread Winders, Timothy A
On 9/3/08 1:04 PM, "Winders, Timothy A" <[EMAIL PROTECTED]> wrote: > On 9/3/08 12:59 PM, "Jason Fesler" <[EMAIL PROTECTED]> wrote: > >>> I agree, it's not the "right way to do things". Running a mail server used >>> to be much easier. Volunteers to help set things up "the right way" are >>> alw

Re: ingress SMTP

2008-09-03 Thread Jay R. Ashworth
On Wed, Sep 03, 2008 at 12:58:53PM -0400, Nicholas Suan wrote: > On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote: > >You're forgetting that 587 *is authenticated, always*. > > I'm not sure how that makes much of a difference since the usual spam > vector is malware that has (almost) complete

Re: ingress SMTP

2008-09-03 Thread Steven Champeon
on Wed, Sep 03, 2008 at 05:15:41PM +, *Hobbit* wrote: > Related question, now that some discussion has started: why the F > does Gmail refuse to put real, identifiable injection-path headers > in mail they relay out? The current "policy" only protects spammer > identities behind a meaningless

Re: ingress SMTP

2008-09-03 Thread *Hobbit*
Wow, lots of responses already. Thanks, good discussion. I should clarify a little, that it's not necessarily about "blanket" port blocking or denying "random" ports as threats are perceived, but where needed in a well thought-out manner and trying to take customer needs [stated or observed] into

Re: ingress SMTP

2008-09-03 Thread Tony Finch
On Wed, 3 Sep 2008, Alec Berry wrote: > > At the very least, you can run stunnel to allow incoming > mail submission on port 465 (SMTP + SSL). I would be very very careful with that kind of setup. Connections to port 25 from localhost (even if they are from stunnel running on localhost) often bypa

Re: ingress SMTP

2008-09-03 Thread Winders, Timothy A
On 9/3/08 12:59 PM, "Jason Fesler" <[EMAIL PROTECTED]> wrote: >> I agree, it's not the "right way to do things". Running a mail server used >> to be much easier. Volunteers to help set things up "the right way" are >> always welcome. :-) > > Supporting those clients who can't connect is cheape

Re: ingress SMTP

2008-09-03 Thread Jason Fesler
I agree, it's not the "right way to do things". Running a mail server used to be much easier. Volunteers to help set things up "the right way" are always welcome. :-) Supporting those clients who can't connect is cheaper or more accessible for you?

Re: ingress SMTP

2008-09-03 Thread Winders, Timothy A
On 9/3/08 12:48 PM, "Alec Berry" <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Winders, Timothy A wrote: > >> We have not setup a port 587 smtp submit server. Our smtp servers run only >> on port 25. > > Sorry to be harsh, but that's just not the "right way t

Re: ingress SMTP

2008-09-03 Thread Alec Berry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Winders, Timothy A wrote: > We have not setup a port 587 smtp submit server. Our smtp servers run only > on port 25. Sorry to be harsh, but that's just not the "right way to do things" these days. At the very least, you can run stunnel to allow inco

RE: ingress SMTP

2008-09-03 Thread Skywing
rth American Noise and Off-topic Gripes <[EMAIL PROTECTED]> Subject: Re: ingress SMTP Alec Berry wrote: > Michael Thomas wrote: > >> But the thing that's really pernicious about this sort of policy is >> that it's a back door policy for ISP's to clamp down on all

Re: ingress SMTP

2008-09-03 Thread Nicholas Suan
On Sep 3, 2008, at 12:49 PM, Jay R. Ashworth wrote: On Wed, Sep 03, 2008 at 09:40:20AM -0700, Michael Thomas wrote: "Allowing unfiltered public access to port 25 is one of the things that increases everyone's spam load, and your ISP is trying to be a Good Neighbor in blocking access to anyon

Re: ingress SMTP

2008-09-03 Thread Simon Waters
On Wednesday 03 September 2008 18:07:22 Stephen Sprunk wrote: > > When port 25 block was first instituted, several providers actually > redirected connections to their own servers (with spam filters and/or > rate limits) rather than blocking the port entirely. This seems like a > good compromise f

Re: ingress SMTP

2008-09-03 Thread Winders, Timothy A
On 9/3/08 10:50 AM, "Suresh Ramasubramanian" <[EMAIL PROTECTED]> wrote: > On Wed, Sep 3, 2008 at 8:46 PM, *Hobbit* <[EMAIL PROTECTED]> wrote: >> >> What I'm trying to get a feel for is this: what proportion of edge >> customers have a genuine NEED to send direct SMTP traffic to TCP 25 >> at arbit

Re: ingress SMTP

2008-09-03 Thread Stephen Sprunk
Alec Berry wrote: Michael Thomas wrote: But the thing that's really pernicious about this sort of policy is that it's a back door policy for ISP's to clamp down on all outgoing ports in the name of "security". I don't think ISPs have anything to gain by randomly blocking ports. They m

Re: ingress SMTP

2008-09-03 Thread Suresh Ramasubramanian
On Wed, Sep 3, 2008 at 10:18 PM, Justin Scott <[EMAIL PROTECTED]> wrote: >> Do you operate your mailserver on a residential cablemodem or adsl >> rather than a business account? > > No, we co-lo equipment at a professional facility that our customers on any > type of connection need to have access

Re: ingress SMTP

2008-09-03 Thread Alec Berry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Thomas wrote: > I think this all vastly underrates the agility of the bad guys. So > lots of ISP's have blocked port 25. Has it made any appreciable > difference? Not that I can tell. If you block port 25, they'll just > use another port and a

Re: ingress SMTP

2008-09-03 Thread Jay R. Ashworth
On Wed, Sep 03, 2008 at 09:40:20AM -0700, Michael Thomas wrote: > >"Allowing unfiltered public access to port 25 is one of the things that > >increases everyone's spam load, and your ISP is trying to be a Good > >Neighbor in blocking access to anyone's servers but their own; many ISPs > >are moving

Re: ingress SMTP

2008-09-03 Thread Justin Scott
Do you operate your mailserver on a residential cablemodem or adsl rather than a business account? No, we co-lo equipment at a professional facility that our customers on any type of connection need to have access to send mail through, regardless of whether their ISP blocks the standard ports

Re: ingress SMTP

2008-09-03 Thread Suresh Ramasubramanian
On Wed, Sep 3, 2008 at 9:26 PM, Justin Scott <[EMAIL PROTECTED]> wrote: >> What is preventing this from being an operational no-brainer, >> including making a few exceptions for customers that prove they know >> how to lock down their own mail infrastructure? > > As a small player who operates a ma

Re: ingress SMTP

2008-09-03 Thread Michael Thomas
Jay R. Ashworth wrote: On Wed, Sep 03, 2008 at 11:56:51AM -0400, Justin Scott wrote: As a small player who operates a mail server used by many local businesses, this becomes a support issue for admins in our position. We operate an SMTP server of our own that the employees of these various

Re: ingress SMTP

2008-09-03 Thread Justin Scott
Why don't you set the alternate ports up as the defaults when the customer signs up? Excellent question and unfortunately I don't have an answer. I will run that one by management as it is an obviously great idea now that you mention it. We use TLS on port 587 and SSL on 465, most mail cli

Re: ingress SMTP

2008-09-03 Thread Jay R. Ashworth
On Wed, Sep 03, 2008 at 11:56:51AM -0400, Justin Scott wrote: > As a small player who operates a mail server used by many local > businesses, this becomes a support issue for admins in our position. We > operate an SMTP server of our own that the employees of these various > companies use from

Re: ingress SMTP

2008-09-03 Thread Alan Hodgson
On Wednesday 03 September 2008, Justin Scott <[EMAIL PROTECTED]> wrote: > The problem, however, is that the customer simply cannot understand why > their e-mail worked one day and doesn't the next. In their eyes the > system used to work, and now it doesn't, so that must mean that we broke > it an

Re: ingress SMTP

2008-09-03 Thread Alec Berry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin Scott wrote: > We, being somewhat intelligent, have a support process in place > to walk the customer through the SMTP port change from 25 to one of our > two alternate ports. Why don't you set the alternate ports up as the defaults when the

Re: ingress SMTP

2008-09-03 Thread Jay R. Ashworth
On Wed, Sep 03, 2008 at 11:52:48AM -0400, Tim Sanderson wrote: > Anybody not wanting to use their ISP email would notice it. I see > filtering 25 FROM the customer as something that is not likely to > happen because of this. When a customer buys bandwidth, they want to > be able to use it for whate

Re: ingress SMTP

2008-09-03 Thread Justin Scott
What is preventing this from being an operational no-brainer, including making a few exceptions for customers that prove they know how to lock down their own mail infrastructure? As a small player who operates a mail server used by many local businesses, this becomes a support issue for admins

RE: ingress SMTP

2008-09-03 Thread Tim Sanderson
competitive advantage to any ISP not doing the filtering. -- Tim Sanderson, network administrator [EMAIL PROTECTED] -Original Message- From: *Hobbit* [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 03, 2008 11:16 AM To: nanog@nanog.org Subject: ingress SMTP I've been blackholing

Re: ingress SMTP

2008-09-03 Thread Suresh Ramasubramanian
On Wed, Sep 3, 2008 at 8:46 PM, *Hobbit* <[EMAIL PROTECTED]> wrote: > > What I'm trying to get a feel for is this: what proportion of edge > customers have a genuine NEED to send direct SMTP traffic to TCP 25 > at arbitrary destinations? I'm thinking mostly of cable-modem and Not too many - they

ingress SMTP

2008-09-03 Thread *Hobbit*
I've been blackholing NANOG mail for a while due to other things displacing the time I'd need to read it, so I might be a little out of touch on this, but I did grovel through some of the archives looking for any discussion on this before posting. Didn't find a really coherent answer yet. What I'