nanog mailing list archives
RE: Outgoing SMTP Servers
From: "Dennis Burgess" <dmburgess () linktechs net>
Date: Mon, 24 Oct 2011 23:49:11 -0500
On Oct 24, 2011, at 9:29 PM, Dennis Burgess wrote:I am curious about what network operators are doing with outbound
SMTP
traffic. In the past few weeks we have ran into over 10 providers, mostly local providers, which block outbound SMTP and require the users to go THOUGH their mail servers even though those servers are not responsible for the domains in question! I know other mail servers are blocking non-reversible mail, however, is this common? And more importantly, is this an acceptable practice?It's both unacceptable in my opinion and common. There are even those misguided souls that will tell you it is best practice, though general agreement, even among them seems to be that only 25/tcp should be blocked and that 465 and 587 should not be blocked.
[dmb] I would agree, for residential customers, if they use the "ISP" domain, then yes they should relay though the ISPs mail server. For business customers and other residential customers that do NOT use the ISP domain, then I think they should use their own mail server that they already pay for.
Most of our smaller ISPs that we support; we allow any outbound SMTP connection, however we do watch residential users for 5+ outbound
SMTP
connections at the same time. But if the ISP has their own mailservers, and users wish to relay though them, we basically tell them to use their mail server that they contract with. What is the best practice?Best practice is to do what works and block as much SPAM as possible without destroying the internet in the process. There are those who
argue
that blocking 25/tcp does not destroy the internet. By and large, they
are
the same ones who believe NAT was good for us. Owen
[dmb] Lots of smaller ISPs out there run thousands of customers though NAT and I can see the need to properly "monitor" the SPAM activity on those IPs, not saying that is right, but I do see the point, in this event. But for ISPs that are handing out publics, I don't see how blocking outbound Port 25 helps, other than makes more support calls for the end users. Keep in mind that, ATT DSL and the local cable co here in STL, both block outbound port 25, but a simple phone call or e-mail to their support and they will remove the block.
Current thread:
- Outgoing SMTP Servers Dennis Burgess (Oct 24)
- Re: Outgoing SMTP Servers Owen DeLong (Oct 24)
- RE: Outgoing SMTP Servers Dennis Burgess (Oct 24)
- Re: Outgoing SMTP Servers Bjørn Mork (Oct 25)
- Re: Outgoing SMTP Servers Carlos Martinez-Cagnazzo (Oct 25)
- RE: Outgoing SMTP Servers Dennis Burgess (Oct 25)
- Re: Outgoing SMTP Servers David E. Smith (Oct 25)
- Re: Outgoing SMTP Servers Carlos Martinez-Cagnazzo (Oct 26)
- Re: Outgoing SMTP Servers Randy Bush (Oct 25)
- Re: Outgoing SMTP Servers Owen DeLong (Oct 24)
- Re: Outgoing SMTP Servers Jeroen van Aart (Oct 25)
- RE: Outgoing SMTP Servers John van Oppen (Oct 26)
- RE: Outgoing SMTP Servers up (Oct 26)