[87876] in North American Network Operators' Group
Re: BLS FastAccess internal tech needed
daemon@ATHENA.MIT.EDU (Todd Vierling)
Fri Jan 13 00:20:03 2006
Date: Fri, 13 Jan 2006 00:19:14 -0500 (Eastern Standard Time)
From: Todd Vierling <tv@duh.org>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: nanog@nanog.org
In-Reply-To: <bb0e440a0601121946p60c9cc1fref4491649cf3f0d0@mail.gmail.com>
Errors-To: owner-nanog@merit.edu

On Fri, 13 Jan 2006, Suresh Ramasubramanian wrote:
> > (Your new SMTP port filters put in today in the Atlanta market are a step in
> > the right direction, but they are configured incorrectly: They block
> > outbound connections to port 25, which is good -- but they are also blocking
> > *inbound* connections to a local SMTP receiver, which protects nothing and
> > simply annoys those of us who have a clue.)
>
> What they're *trying* to do is actually quite sensible, and beats
> spammers trying to do asymmetric routing / source address spoofing
> type stuff
>
> I guess what they actually should do is filtering inbound connections
> FROM port 25 to any port.

That's why I said that it is misconfigured. The inbound packet filter has
the wrong matching criterion.
--
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
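
The two inbound matching criteria discussed in this thread, compared side by side. This is an added example, not part of the original messages: a minimal stateless filter model in Python, where the names (`Packet`, `Rule`, `AS_DEPLOYED`, `AS_SUGGESTED`) are hypothetical and the sample packets are constructed.

```python
from collections import namedtuple

# Direction is relative to the subscriber line: "out" leaves it, "in" arrives at it.
Packet = namedtuple("Packet", "direction sport dport note")
# A rule drops a packet travelling in `direction` whose `field` equals `port`.
Rule = namedtuple("Rule", "direction field port")

# Filter as described in the thread: the inbound rule matches the destination port.
AS_DEPLOYED = [Rule("out", "dport", 25), Rule("in", "dport", 25)]
# Filter as suggested in the thread: the inbound rule matches the source port.
AS_SUGGESTED = [Rule("out", "dport", 25), Rule("in", "sport", 25)]


def dropped(packet, rules):
    """Return True if any rule for the packet's direction matches its port field."""
    return any(
        r.direction == packet.direction and getattr(packet, r.field) == r.port
        for r in rules
    )


# Constructed sample traffic; the ephemeral port numbers are arbitrary.
SAMPLES = [
    Packet("out", 40001, 25, "subscriber host connecting to a remote MTA"),
    Packet("in", 25, 40001, "reply arriving from a remote MTA's port 25"),
    Packet("in", 51000, 25, "remote MTA delivering to the subscriber's SMTP receiver"),
    Packet("out", 25, 51000, "subscriber's SMTP receiver answering that delivery"),
    Packet("out", 40002, 587, "subscriber submitting mail on port 587"),
]


def verdicts(rules):
    """Drop decision for every sample packet, in SAMPLES order."""
    return [dropped(p, rules) for p in SAMPLES]


if __name__ == "__main__":
    rows = zip(SAMPLES, verdicts(AS_DEPLOYED), verdicts(AS_SUGGESTED))
    for p, deployed, suggested in rows:
        print(f"{p.note:58} "
              f"deployed={'DROP' if deployed else 'pass'} "
              f"suggested={'DROP' if suggested else 'pass'}")
```

Only the second and third sample packets change verdict between the two rule sets: the deployed criterion drops inbound delivery to a local SMTP receiver, while the suggested one passes it and instead drops inbound packets sourced from port 25.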