[145909] in North American Network Operators' Group
Re: Outgoing SMTP Servers
daemon@ATHENA.MIT.EDU (Carlos Martinez-Cagnazzo)
Wed Oct 26 08:56:47 2011
In-Reply-To: <13175F96BDC3B34AB1425BAE905B3CE50BA685C5@ltiserver.lti.local>
Date: Wed, 26 Oct 2011 10:55:04 -0200
From: Carlos Martinez-Cagnazzo <carlosm3011@gmail.com>
To: Dennis Burgess <dmburgess@linktechs.net>
Cc: nanog@nanog.org
Reply-To: carlos@lacnic.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
My point exactly, I am perfectly happy authenticating and relaying
through either my MX at the office or with Google's SMTP server. But I
just can't do that if SMTPoSSL ports are blocked by some lazy net
admin.
And I definitely hate it when I have to "pay" (in terms of delay and
overhead) the price of a VPN in order to just send a couple of emails.
cheers
Carlos
On Tue, Oct 25, 2011 at 1:57 PM, Dennis Burgess <dmburgess@linktechs.net> wrote:
>
>>
>> I'm curious how a traveller is supposed to get SMTP relay service when, well,
>> travelling. I am not really sure if I want a VPN for sending a simple email.
>>
>> And I can understand (although I am not convinced that doing so is such a
>> great idea) blocking 25/tcp outgoing, as most botnets will try that method of
>> delivery. However, I do believe that outgoing 465 SHOULD always be
>> allowed.
>>
>> regards
>>
>> Carlos
>>
>
> [dmb] This is the exact question, why, do you NEED a SMTP Relay on ANY
> network. Your domain has a mail server out on the net that if you
> authenticate to, I am sure will relay your mail, and the reverse DNS and
> SPF records would match then as well. Why does the local internet
> provider NEED to relay through their server, regardless of the port.
>
>> On Tue, Oct 25, 2011 at 10:43 AM, Bjørn Mork <bjorn@mork.no> wrote:
>> > Owen DeLong <owen@delong.com> writes:
>> >
>> >> It's both unacceptable in my opinion and common. There are even those
>> >> misguided souls that will tell you it is best practice, though
>> >> general agreement, even among them seems to be that only 25/tcp
>> >> should be blocked and that
>> >> 465 and 587 should not be blocked.
>> >
>> > It is definitely considered best practice in some areas. See e.g.
>> > http://translate.google.com/translate?hl=en&u=http://ikt-norge.no/wp-content/uploads/2010/10/bransjenorm-SPAM.pdf
>> > (couldn't find an english original, but the google translation looks
>> > OK)
>> >
>> > The document is signed by all major ISPs in Norway as well as the
>> > Norwegian research and education network operator, so it must be
>> > considered a local "best practice" whether you like it or not.
>> >
>> > Note that only port 25/tcp is blocked and that some of the ISPs offer
>> > a per-subscriber optout.
>> >
>> > Eh, this was the Northern Aurope NOG, wasn't it?
>> >
>> >
>> >
>> >
>> > Bjørn
>> >
>> >
>>
>>
>>
>> --
>> --
>> =========================
>> Carlos M. Martinez-Cagnazzo
>> http://www.labs.lacnic.net
>> =========================
>
>
>
-- 
--
=========================
Carlos M. Martinez-Cagnazzo
http://www.labs.lacnic.net
=========================