ISP port blocking practice
Patrick W. Gilmore
patrick at ianai.net
Fri Sep 3 12:59:59 UTC 2010
On Sep 3, 2010, at 8:12 AM, Owen DeLong wrote:
> On Sep 2, 2010, at 8:54 PM, Patrick W. Gilmore wrote:
>> On Sep 2, 2010, at 11:48 PM, Owen DeLong wrote:
>>> We should be seeking to stop damaging the network for ineffective anti spam measures (blocking outbound 25 for example) rather than to expand this practice to bidirectional brokenness.
>> Since at least part of your premise ('ineffective anti-spam measures') has been objectively proven false to fact for many years, I guess we can ignore the rest of your note.
> Really? So, since so many ISPs are blocking port 25, there's lots less spam hitting our networks?
> That's really news to me... I'm still seeing an ever increasing number of attempts to deliver spam on my mailservers.
> I'd say that it has been pretty ineffective.
I'm not even going to bother replying with the multiple fallacies / logical errors you have made. I've known you for too long to assume you are that stupid, so I have to assume you are trolling. Which is beneath you.
>> Also, just so everyone doesn't think I'm in favor of "damaging" the network, I would much prefer a completely open 'Net. Who wouldn't? Since that is not possible, we have to do what we can to damage the network as little as possible. Port 25 blocking is completely unnoticeable to something on the order of 5-nines worth of users, and the rest should know how to get around it with a minimum of fuss (including things like "ask your provider to unblock" in many cases).
> Not really true. First, i dispute your 5-nines figure
Perhaps a bit of hyperbole. Let's call it 3 nines. And before you dispute that more than 1 in a thousand notice, I'd like to see even the slightest shread of evidence.
> second, yes, i can usually get around it, but seems each network requires a different workaround.
My turn to dispute. SSH tunnels work on all but one network I've tried, even on port 22. And I've tried quite a few networks. Oh, and 100% of those networks allowed VPN.
If you mean home networks require different hops to get port 25 opened, how many homes do you have?
> Since, like many of us, I use a lot of transient networks, having to reconfigure for each unique set of brokenness is actually wasting more of my time than the spam this brokenness was alleged to prevent.
First, life sux. I'm OK causing you more pain to save the 'Net from devolving into a useless mass of pure abuse.
Second, if you are not following the RFCs and using the submit port, you get no sympathy.
Third, see above with SSH tunnels & VPN.
> I suppose I should just shut up and run an instance of my SMTP daemon on port 80. After all, since IPv4 addresses are so abundant, rather than use port numbers for services, let's use IP addresses and force everything to ports 80 and 443.
Or you could follow the rules and use SUBMIT.
But I agree with the "just shut up" part. :)
More information about the NANOG