[145858] in North American Network Operators' Group
RE: Outgoing SMTP Servers
daemon@ATHENA.MIT.EDU (Dennis Burgess)
Tue Oct 25 11:56:53 2011
Date: Tue, 25 Oct 2011 10:57:24 -0500
From: "Dennis Burgess" <dmburgess@linktechs.net>
To: <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>=20
> I'm curious how a traveller is supposed to get SMTP relay service =
when, well,
> travelling. I am not really sure if I want a VPN for sending a simple =
email.
>=20
> And I can understand (although I am not convinced that doing so is =
such a
> great idea) blocking 25/tcp outgoing, as most botnets will try that =
method of
> delivery. However, I do believe that outgoing 465 SHOULD always be
> allowed.
>=20
> regards
>=20
> Carlos
>=20
[dmb] This is the exact question, why, do you NEED a SMTP Relay on ANY =
network. Your domain has a mail server out on the net that if you =
authenticate to, I am sure will relay your mail, and the reverse DNS and =
SPF records would match then as well. Why does the local internet =
provide NEED to relay though their server, regardless of the port. =20
> On Tue, Oct 25, 2011 at 10:43 AM, Bj=F8rn Mork <bjorn@mork.no> wrote:
> > Owen DeLong <owen@delong.com> writes:
> >
> >> It's both unacceptable in my opinion and common. There are even =
those
> >> misguided souls that will tell you it is best practice, though
> >> general agreement, even among them seems to be that only 25/tcp
> >> should be blocked and that
> >> 465 and 587 should not be blocked.
> >
> > It is definitely considered best practice in some areas. =A0See e.g.
> > =
http://translate.google.com/translate?hl=3Den&u=3Dhttp://ikt-norge.no/wp-=
c
> > ontent/uploads/2010/10/bransjenorm-SPAM.pdf
> > (couldn't find an english original, but the google translation looks
> > OK)
> >
> > The document is signed by all major ISPs in Norway as well as the
> > Norwegian research and education network operator, so it must be
> > considered a local "best practice" whether you like it or not.
> >
> > Note that only port 25/tcp is blocked and that some of the ISPs =
offer
> > a per-subscriber optout.
> >
> > Eh, this was the Northern Aurope NOG, wasn't it?
> >
> >
> >
> >
> > Bj=F8rn
> >
> >
>=20
>=20
>=20
> --
> --
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> Carlos M. Martinez-Cagnazzo
> http://www.labs.lacnic.net
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
