ingress SMTP

Alec Berry alec.berry at restontech.com
Wed Sep 3 11:06:45 CDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Justin Scott wrote:
> We, being somewhat intelligent, have a support process in place 
> to walk the customer through the SMTP port change from 25 to one of our 
> two alternate ports.

Why don't you set the alternate ports up as the defaults when the
customer signs up? There are so many ISPs, WAPs, cell carriers, etc that
are blocking egress port 25 (ie outgoing from their network) already.
The prudent thing to do, for you and your customers, would be to assume
every customer will, at some point, have access to port 25 blocked.

We use TLS on port 587 and SSL on 465, most mail clients default to
these ports when you click the "TLS" or "SSL" box. Bonus-- we tell our
clients that "we only support encrypted access to their mail". They
understand.

> In any case, I don't believe a blanket block of 25 is the answer.

If the question is "how can we stop consumer bot armies from sending
spam" it is a pretty good, albeit incomplete, answer.

...
alec

- --
`____________
/ Alec Berry \______________________________
| Senior Partner and Director of Technology \
| PGP/GPG key 0xE8E9030F                    |
| http://alec.restontech.com/#PGP           |
|-------------------------------------------|
|             RestonTech, Ltd.              |
|        http://www.restontech.com/         |
|          Phone: (703) 234-2914            |
\___________________________________________/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIvrYTREO1P+jpAw8RApsOAJ9YTMfMfb4X4PDVaABd+jeLiU/3IgCeKLQW
7rczuS4j56owjGJ88RQbV4I=
=le+L
-----END PGP SIGNATURE-----




More information about the NANOG mailing list