[156022] in North American Network Operators' Group
Re: Blocking MX query
daemon@ATHENA.MIT.EDU (William Herrin)
Tue Sep 4 13:24:19 2012
In-Reply-To: <22236243.23098.1346769881533.JavaMail.root@benjamin.baylink.com>
From: William Herrin <bill@herrin.us>
Date: Tue, 4 Sep 2012 13:22:39 -0400
To: Jay Ashworth <jra@baylink.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, Sep 4, 2012 at 10:44 AM, Jay Ashworth <jra@baylink.com> wrote:
>> There are no "good" subscribers trying to send email direct to a
>> remote port 25 from behind a NAT.
>
> Users, like myself, running Linux on home computers and laptops; our local
> sendmail-equivalents will in fact attempt direct delivery to remote SMTP MX
> servers, and we generally move around enough that setting a smarthost is
> semi-impractical, at least on laptops.
>
> I'm a bad subscriber, Bill?
Okay, fair enough. There are no good users *expecting* to send email
direct to a remote port 25 from behind a NAT. There are some good
users who occasionally run slightly sloppy configurations which might
attempt spurious port 25 connections.
Good to block port 25. Not good to knee-jerk ban users whose machines
happen to poke the port once or twice.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
