[102976] in North American Network Operators' Group
Re: Customer-facing ACLs
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Mon Mar 10 22:36:31 2008
Date: Mon, 10 Mar 2008 22:33:06 -0400
From: "Christopher Morrow" <morrowc.lists@gmail.com>
To: "Ang Kah Yik" <mailinglist@bangky.net>
Cc: "Justin Shore" <justin@justinshore.com>, nanog@merit.edu
In-Reply-To: <47D5CB09.5030405@bangky.net>
Errors-To: owner-nanog@merit.edu
On Mon, Mar 10, 2008 at 7:58 PM, Ang Kah Yik <mailinglist@bangky.net> wrote:
>
> Hi Justin (and all others on-list)
>
> I understand your grounds for blocking outbound SMTP for your customers
> (especially those on dynamic IP connections).
> It probably will do good to block infected customers that are spewing
> spam all over the world.
>
> However, considering the number of mobile workers out there who send
> email via their laptops to corporate SMTP servers, won't blocking
> outbound SMTP affect them?
>
vpns fix this...
> Since these corporate types (I'm guessing here) are probably unaware of
> how to change their email client's SMTP configurations, chances are that
> blocking outbound SMTP will probably cause quite a lot of pain.
>
uunet dialup has blocked port25 in both directions since 2002...
little to no complaints. (well, they may have received complaints
since I left, but... thank John StClair for the work behind that
filtering actually.)
> After all, there are also those who frequently move from place to place
> so they're going to have to keep changing SMTP servers every time they
> go to a new place that's on a different ISP.
>
many config's actually just use WCCP to transparently redirect your
smtp to an authorized SMTP server as Andy Dills points out.
-Chris
