ingress SMTP

Bill Stewart nonobvious at
Fri Sep 12 21:19:03 CDT 2008

Hi, Hobbit - we met back in the late 80s / early 90s at various New Jersey
such as Trenton Computer Fair, but you probably don't remember me; Tigger
says hi as well...

"Be Liberal in what you accept, be conservative in what you send,
and be really really clear in your error messages,
except occasionally if you're lying to spammers."

IMHO, selling somebody connectivity that blocks various ports isn't
selling them Internet Service, it's selling them Walled Garden Couch-Potato
For many people that's ok, and if they're sending traffic on Port 25
it's only because some zombieware has taken over their PC,
as opposed to because they're actually trying to send it.

But the old PC on my desk upstairs has about 2500 times as much CPU
and 500 times as much disk space as the Vaxen that I used
to run email for a department of 30 people,
and the network connection is about 300 times as fast,
and there's no particular reason that it shouldn't have
full end-to-end Internet presence like anybody's commercial mail server.
That's different from 15 years ago when I only had dialup at home,
because dialup wasn't really a full-time process, and sending mail was
sufficiently unreliable that it made sense to run a dumb client at home
that talked to a full-time smart host that knew how to queue messages and
retry on failure.

Blocking port 25 has become popular, not only with
walled-garden connectivity services that are really scared of their
customers running their own servers (e.g. most cable modem companies),
but also with other ISPs that don't want to deal with the problems
of having customers who are spamming (whether deliberate or zombified.)
So anybody buying something lower-priced than a T1 typically needs to
have a mail client or mail transfer agent that can use other ports,
unless they want to trust their ISP's mail service or use webmail.
And also obviously if you're running an outbound mail relay smarthost for
your clients you need to accept mail from known people on the various
authenticated ports in case they're stuck behind a randomly misbehaving ISP,
and you should also support encrypted SMTP in general.

In some sense, anything positive you can accomplish by blocking Port 25
you can also accomplish by leaving the port open and advertising the IP
on one of the dynamic / home broadband / etc. block lists,
which leaves recipients free to whitelist or blacklist your users.
And you can certainly provide better service to your customers by
redirecting Port 25 connections to an SMTP server that returns
"550 We block Port 25 - see"
or some similarly useful message as opposed to just dropping the packets.

I've toned down my vehemence about the blocking issue a bit -
there's enough zombieware out there that I don't object strongly to an ISP
that has it blocked by default but makes it easy for humans to enable.

Thanks; Bill Stewart

Note that this isn't my regular email account - It's still experimental so
And Google probably logs and indexes everything you send it.
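
The redirect target described in the message above (a listener that answers redirected Port 25 connections with an explanatory 550 instead of silently dropping packets), as an added example that is not part of the original message. The hostname, listen port 2525 and help URL are placeholders (the URL in the message is cut off), and the ISP-side rule that redirects customer Port 25 traffic to this listener is assumed to exist.

```python
import socketserver

# Placeholder: the URL in the original message is cut off after "see".
HELP_URL = "https://isp.example/port25"
REJECT = f"550 We block Port 25 - see {HELP_URL}"
LISTEN = ("0.0.0.0", 2525)  # assumed target of the ISP's port-25 redirect rule
HOSTNAME = "redirect.isp.example"  # placeholder name for this listener


def reply_for(line):
    """Return (reply, close_after) for one SMTP command line from the client."""
    verb = line.strip().split(b" ", 1)[0].upper()
    if verb in (b"HELO", b"EHLO"):
        return f"250 {HOSTNAME}", False
    if verb == b"QUIT":
        return "221 Bye", True
    # MAIL, RCPT, DATA and anything else: explain the block, accept no mail.
    return REJECT, False


class RejectHandler(socketserver.StreamRequestHandler):
    timeout = 30        # drop idle connections instead of holding sockets open
    max_commands = 20   # bound the work done for any one connection

    def send(self, reply):
        self.wfile.write(reply.encode("ascii") + b"\r\n")

    def handle(self):
        self.send(f"220 {HOSTNAME} ESMTP (outbound port 25 is filtered)")
        try:
            for _ in range(self.max_commands):
                line = self.rfile.readline(1024)  # cap command line length
                if not line:
                    return
                reply, close = reply_for(line)
                self.send(reply)
                if close:
                    return
        except OSError:  # read timeout or connection reset
            return


if __name__ == "__main__":
    with socketserver.ThreadingTCPServer(LISTEN, RejectHandler) as srv:
        srv.serve_forever()
```

Because the listener never accepts a message body, a zombie PC's mail goes nowhere, while a legitimate sender's mail client shows the 550 text and the pointer to how to get the port enabled.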
