ISP port blocking practice

Justin Shore justin at justinshore.com
Fri Oct 23 02:51:06 UTC 2009


Joe Maimon wrote:
> You can configure Exchange to use additional SMTP virtual servers and 
> bind them to specific ports. You can also require authentication to 
> access the ports and you can restrict it to users. You can also enable 
> it for STARTTLS.

That I did not know.  Last time I'd looked there wasn't a decent 
workaround unless you wanted to run a 2nd Exchange server in a cluster of 
sorts on a 2nd box and change its default port to 587.  Then let 
Exchange clustering move the mail around on the back end.  This is good 
to know.

> I have many a time recommended consulting customers to follow up with 
> their mail provider to see if they have any plans to support the RFC 
> standard, but I don't share much enthusiasm for complete adoption. I do 
> believe it is getting better.

I'm sorry to say that the larger SP that we outsourced our customer mail 
service to doesn't support MSP.  They don't support much of anything 
outside of the very basics.  They require SMTP AUTH but until relatively 
recently they didn't support any AUTH options other than plaintext (I 
was actually shocked just now when I double-checked because I have looked 
before).  No, I'm not kidding.  They do rDNS checks on every IP listed in 
a Received line.  They also do DNSBL DUL checks on all IPs on the 
Received lines (dumb because of course the first one will match if the 
SP has their customer dynamic pools listed in a DUL-type list).  Things 
will change on their end and the way we find out is because of user 
complaints.  The decision to switch to them wasn't a technical one I'm 
afraid.  If you're an Internet *Service* Provider you should probably 
provide your own services.

Justin
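
The DUL-on-every-Received-line behaviour described in the message above, as an added example that is not part of the original post: it compares checking every Received IP against a DUL-type list with checking only the connecting host. The message, host names, address ranges and the zone `dul.example.invalid` are constructed placeholders, and the DNSBL is simulated with a local network list so the block runs offline.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed sample: a customer on a dynamic address submits through the
# provider's authenticated relay, which then hands the message to the filter.
RAW = """\
Received: from relay.isp.example (relay.isp.example [198.51.100.25])
\tby mx.filter.example with ESMTP; Fri, 23 Oct 2009 02:51:10 +0000
Received: from laptop (dyn-17.pool.isp.example [203.0.113.17])
\tby relay.isp.example with ESMTPSA; Fri, 23 Oct 2009 02:51:06 +0000
From: user@isp.example
Subject: constructed test

body
"""

# Stand-in for a DUL-type DNSBL: the provider's dynamic pool (assumed range).
DUL_NETS = [ip_network("203.0.113.0/24")]
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def dnsbl_qname(ip, zone="dul.example.invalid"):
    """Name a real DNSBL lookup would query: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def listed(ip):
    """Simulated DNSBL answer: True if the IP is in the dynamic pool."""
    return any(ip_address(ip) in net for net in DUL_NETS)

def received_ips(raw):
    """IPs from every Received header, newest hop first."""
    msg = message_from_string(raw)
    ips = []
    for hdr in msg.get_all("Received", []):
        ips += IP_IN_BRACKETS.findall(hdr)
    return ips

def deep_dul_hits(raw):
    """The policy described in the post: DUL-check every Received IP."""
    return [ip for ip in received_ips(raw) if listed(ip)]

def peer_dul_hit(peer_ip):
    """DUL-check only the host that actually connected to the filter."""
    return listed(peer_ip)

if __name__ == "__main__":
    print(received_ips(RAW))
    print("deep:", deep_dul_hits(RAW), "peer:", peer_dul_hit("198.51.100.25"))
```

The deep check flags the customer's own submission hop even though the message arrived through the authenticated relay, while the connecting-host check does not.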




