Customer-facing ACLs

Justin Shore justin at justinshore.com
Tue Mar 11 04:04:23 UTC 2008


Ang Kah Yik wrote:
> 
> However, considering the number of mobile workers out there who send 
> email via their laptops to corporate SMTP servers, won't blocking 
> outbound SMTP affect them?
> 
> After all, there are also those who frequently move from place to place 
> so they're going to have to keep changing SMTP servers every time they 
> go to a new place that's on a different ISP.

Thanks for joining the discussion.  Frankly I'd be surprised to find 
many corps with an externally-accessible SMTP server that would accept 
mail on tcp/25.  The only way they'd do it is with SMTP AUTH which 
(hopefully) implies the use of SMTP TLS as well.  I know of very few 
corps that actually do this.  Most of the corps I can think of are 
either running Exchange and utilizing RPC over HTTP, simply point their 
users to their company's webmail server, or require that their users VPN 
back to HQ to access their internal MTA.  The sites that I can think of 
with external user-accessible SMTP daemons are entities with highly 
technical users.  They utilize SMTP AUTH, TLS, and the Mail Submission 
Port on tcp/587.  I'm afraid they are in the minority though.

The MSP port is the best way to get around the blocks with decent MTAs.
Your local MTA's support for other non-standard mechanisms for
relaying mail from untrusted networks may also help with this problem 
(RPC over HTTP).  Other than that I don't think there's enough demand 
for outgoing SMTP from the masses to warrant not blocking it. 
Redirecting generally takes care of that anyway.

Thanks for the input though.  All thoughts are welcome.
  Justin
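
Added example (not part of the original post): a Python check for the submission setup the reply describes, where SMTP AUTH on tcp/587 is offered only once TLS is up. It parses EHLO replies and flags AUTH advertised before STARTTLS; the replies and the hostname mail.example.com are constructed sample data, and the function names are this example's own.

```python
"""Audit EHLO replies from a mail submission service (tcp/587).

Policy checked: STARTTLS is offered, and AUTH appears only after TLS.
All replies below are constructed sample data, not captured traffic.
"""

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    lines = [l.rstrip() for l in reply.splitlines() if l.strip()]
    exts = {}
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        last = i == len(lines) - 1
        # Continuation lines use "250-", the final line "250 " (or bare "250").
        sep_ok = sep in (" ", "") if last else sep == "-"
        if code != "250" or not sep_ok:
            raise ValueError(f"malformed EHLO reply line: {line!r}")
        words = text.upper().split()
        if i == 0 or not words:
            continue  # first line is the greeting, not an extension
        key, _, legacy = words[0].partition("=")  # tolerate "AUTH=LOGIN"
        exts.setdefault(key, []).extend(([legacy] if legacy else []) + words[1:])
    return exts

def audit_submission(pre_tls, post_tls):
    """Return a list of findings; an empty list means the policy holds."""
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered on the cleartext connection")
    if "AUTH" in pre:
        findings.append("AUTH offered before TLS: " + " ".join(pre["AUTH"]))
    if "AUTH" not in post:
        findings.append("AUTH not offered after TLS")
    return findings

# Constructed EHLO replies: before and after STARTTLS on a well-configured
# submission port, and a cleartext reply from a misconfigured one.
GOOD_PRE = "250-mail.example.com\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
GOOD_POST = "250-mail.example.com\r\n250-PIPELINING\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"
WEAK_PRE = "250-mail.example.com\r\n250-AUTH=LOGIN PLAIN\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for name, pre in (("good", GOOD_PRE), ("weak", WEAK_PRE)):
        print(name, audit_submission(pre, GOOD_POST) or "policy holds")
```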



More information about the NANOG mailing list