nanog mailing list archives

Re: ingress SMTP

From: Justin Scott <jscott () gravityfree com>
Date: Wed, 03 Sep 2008 11:56:51 -0400

What is preventing this from being an operational no-brainer,
including making a few exceptions for customers that prove they know
how to lock down their own mail infrastructure?

As a small player who operates a mail server used by many localbusinesses, this becomes a support issue for admins in our position. Weoperate an SMTP server of our own that the employees of these variouscompanies use from work and at home. Everything works great until anISP decides to block 25 outbound. Now our customer cannot reach ourserver, so they call us to complain that they can receive but not sende-mail. We, being somewhat intelligent, have a support process in placeto walk the customer through the SMTP port change from 25 to one of ourtwo alternate ports.

The problem, however, is that the customer simply cannot understand whytheir e-mail worked one day and doesn't the next. In their eyes thesystem used to work, and now it doesn't, so that must mean that we brokeit and that we don't know what we're doing.

Your comment about "exceptions for customers that prove they know how tolock down" is not based in reality, frankly. Have you ever tried tohave Joe Sixpack call BigISP support to ask for an exception to a portblock on his consumer-class connection with a dynamic IP? That's a wallthat I would not be willing to ask my customers to climb over.

Now, having said all that, I do agree that big ISPs should do more toprevent spam from originating at their networks. A basic block of 25isn't the solution, in my opinion. Unfortunately I don't know what is.Perhaps monitoring the number of outgoing connections on 25 andtemporarily cutting off access if a threshold is reached? Set it highenough and the legitimate users won't notice, but low enough that itdisrupts the spammers. Perhaps I'm talking out of my ass and don't havea clue.


In any case, I don't believe a blanket block of 25 is the answer.


-Justin Scott, GravityFree

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Current thread:

Re: ingress SMTP, (continued)
- - - Re: ingress SMTP Tony Finch (Sep 03)
    - Re: ingress SMTP Eugeniu Patrascu (Sep 07)
    - Re: ingress SMTP Michael Thomas (Sep 07)
    - Re: ingress SMTP Truman Boyes (Sep 07)
    - Re: ingress SMTP Eugeniu Patrascu (Sep 07)
    - Re: ingress SMTP Winders, Timothy A (Sep 07)
- RE: ingress SMTP Tim Sanderson (Sep 03)
  - Re: ingress SMTP Jay R. Ashworth (Sep 03)
    - RE: ingress SMTP Frank Bulk (Sep 03)
  - Re: ingress SMTP Eugeniu Patrascu (Sep 07)
- Re: ingress SMTP Justin Scott (Sep 03)
  - Re: ingress SMTP Alec Berry (Sep 03)
    - Re: ingress SMTP Justin Scott (Sep 03)
  - Re: ingress SMTP Alan Hodgson (Sep 03)
  - Re: ingress SMTP Jay R. Ashworth (Sep 03)
    - Re: ingress SMTP Michael Thomas (Sep 03)
    - Re: ingress SMTP Jay R. Ashworth (Sep 03)
    - Re: ingress SMTP Nicholas Suan (Sep 03)
    - Re: ingress SMTP Jay R. Ashworth (Sep 03)
    - Re: ingress SMTP Valdis . Kletnieks (Sep 03)
    - Re: ingress SMTP Tony Finch (Sep 04)

(Thread continues...)