[145841] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Outgoing SMTP Servers

daemon@ATHENA.MIT.EDU (Dave CROCKER)
Tue Oct 25 05:29:15 2011

Date: Tue, 25 Oct 2011 11:27:37 +0200
From: Dave CROCKER <dhc2@dcrocker.net>
To: William Herrin <bill@herrin.us>
In-Reply-To: <CAP-guGVKz-h44hvfMP53UhLSQNivxhPFn5wEngfyrZCe1sHTRA@mail.gmail.com>
Cc: nanog@nanog.org
Reply-To: dcrocker@bbiw.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On 10/25/2011 8:13 AM, William Herrin wrote:
> Blocking outbound TCP SYN packets on port 25 from non-servers is
> considered a BEST PRACTICE
...
> The SMTP submission port (TCP 587) is authenticated and should
> generally not be blocked.


    Email Submission Operations: Access and Accountability Requirements

    <http://www.ietf.org/rfc/rfc5068.txt>  IETF BCP

It does not explicitly support blocking outbound port 25, since that's 
controversial, but it /does/ require permitting outbound port 587.

d/


> Regards,
> Bill Herrin
>
>

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net


home help back first fref pref prev next nref lref last post