ISP port blocking practice

Justin Shore justin at justinshore.com
Fri Oct 23 01:29:27 UTC 2009


Lyndon Nerenberg (VE6BBM/VE7TFX) wrote:
>> Few 
>> companies use the MSP port (tcp/587).
> 
> Can you elaborate? Is this based on analysis you've conducted on
> your own network? And if so, is the data (anonymized) available for
> the rest of us to look at?
> 
> My experience is that port 587 isn't used because ISPs block it
> out-of-hand.  Or in the case of Rogers in (at least) Vancouver, hijack
> it with a proxy that filters out the AUTH parts of the EHLO response,
> making the whole point of using the submission service ...  pointless.

I can't speak for Rogers but I have analyzed our netflow captures on a 
semi-regular basis for several things before flushing them, use of the MSP 
port being one of them.  I've never seen any MSP port traffic on my SP 
network that didn't fall into 1 of 2 categories:

1)  inbound scanning for MTAs listening on the MSP port, or
2)  my own MSP traffic, or traffic running across my SP network from 
family members who happen to use one of my personal servers for their 
own email hosting.

I can also speak from experience from the enterprise customers of the 
consulting side of my SP that I worked with before returning to the SP.  
Not a one of them made use of the MSP port.  The vast majority, I'm 
sorry to say, used Microsoft Exchange which to the best of my knowledge 
doesn't support RFC2476.  I did a little Googling just now and couldn't 
find any hits to say they did either.  Some utilized RPC-over-HTTP.  
Most at the time didn't, requiring direct SMTP access or VPN.

I wish more people would use it though.  My users wouldn't have cause to 
get so upset when I tell them that they have to pay monthly for a static 
IP to use tcp/25.  It would reduce my hassles a wee bit.

Justin
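
The kind of flow review described in the message above, sketched as an added example that is not part of the original post or the author's tooling: it splits tcp/587 flows into inbound scanning and outbound submission. The record format, the local prefix (a documentation range), the fan-out threshold and all sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed customer prefix
MSP_PORT = 587
SCAN_FANOUT = 3  # assumed: distinct local hosts probed by one outside source

# Constructed flow records: "src_ip,dst_ip,dst_port,packets"
SAMPLE_FLOWS = """\
203.0.113.9,192.0.2.10,587,2
203.0.113.9,192.0.2.11,587,2
203.0.113.9,192.0.2.12,587,1
203.0.113.9,192.0.2.13,587,2
192.0.2.44,198.51.100.25,587,38
192.0.2.44,198.51.100.25,587,41
192.0.2.77,198.51.100.25,25,12
198.51.100.80,192.0.2.10,587,19
"""

def classify_msp_flows(text):
    """Split tcp/587 flows into inbound scanners, outbound submission, other."""
    fanout = defaultdict(set)      # outside source -> local hosts it touched
    submission = defaultdict(int)  # (local client, outside server) -> flows
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, _pkts = line.split(",")
        if int(dport) != MSP_PORT:
            continue  # tcp/25 and everything else is out of scope here
        src_local = ipaddress.ip_address(src) in LOCAL_NET
        dst_local = ipaddress.ip_address(dst) in LOCAL_NET
        if not src_local and dst_local:
            fanout[src].add(dst)
        elif src_local and not dst_local:
            submission[(src, dst)] += 1
    # One outside source touching many local hosts on 587 looks like a sweep.
    scanners = {s: len(d) for s, d in fanout.items() if len(d) >= SCAN_FANOUT}
    other_inbound = sorted(s for s in fanout if s not in scanners)
    return {"scanners": scanners, "submission": dict(submission),
            "other_inbound": other_inbound}

if __name__ == "__main__":
    for key, value in classify_msp_flows(SAMPLE_FLOWS).items():
        print(key, value)
```
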