Outgoing SMTP Servers
dmburgess at linktechs.net
Mon Oct 24 23:49:11 CDT 2011
> On Oct 24, 2011, at 9:29 PM, Dennis Burgess wrote:
> > I am curious about what network operators are doing with outbound
> > traffic. In the past few weeks we have run into over 10 providers,
> > mostly local providers, which block outbound SMTP and require the
> > users to go THROUGH their mail servers even though those servers are
> > not responsible for the domains in question! I know other mail
> > servers are blocking non-reversible mail, however, is this common?
> > And more importantly, is this an acceptable practice?
> It's both unacceptable in my opinion and common. There are even those
> misguided souls that will tell you it is best practice, though general
> agreement, even among them, seems to be that only 25/tcp should be
> blocked and that 465 and 587 should not be blocked.
[dmb] I would agree, for residential customers, if they use the "ISP"
domain, then yes they should relay through the ISP's mail server. For
business customers and other residential customers that do NOT use the
ISP domain, then I think they should use their own mail server that they
already pay for.
> > Most of our smaller ISPs that we support; we allow any outbound SMTP
> > connection, however we do watch residential users for 5+ outbound
> > connections at the same time. But if the ISP has their own mail
> > servers, and users wish to relay through them, we basically tell them
> > to use their mail server that they contract with. What is the best
> > practice?
> Best practice is to do what works and block as much SPAM as possible
> without destroying the internet in the process. There are those who
> believe that blocking 25/tcp does not destroy the internet. By and
> large, they are the same ones who believe NAT was good for us.
[dmb] Lots of smaller ISPs out there run thousands of customers through
NAT and I can see the need to properly "monitor" the SPAM activity on
those IPs, not saying that is right, but I do see the point, in this
event. But for ISPs that are handing out publics, I don't see how
blocking outbound Port 25 helps, other than makes more support calls for
the end users. Keep in mind that, ATT DSL and the local cable co here
in STL, both block outbound port 25, but a simple phone call or e-mail
to their support and they will remove the block.
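
The check mentioned in the message above (watching residential users for 5+ outbound SMTP connections at the same time), sketched as an added example that is not part of the original post or any poster's tooling. The flow-record layout, function names and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

SMTP_PORT = 25
THRESHOLD = 5  # "5+ outbound connections at the same time"

# Constructed sample flow records: (source IP, dest port, start, end), seconds.
SAMPLE_FLOWS = (
    # Ordinary mail client: three messages sent one after another.
    [("192.0.2.10", 25, 0, 4), ("192.0.2.10", 25, 4, 9), ("192.0.2.10", 25, 20, 25)]
    # Six overlapping sessions to port 25 from one subscriber.
    + [("192.0.2.20", 25, 100 + i, 130 + i) for i in range(6)]
    # Four overlapping port-25 sessions plus three submission (587) sessions.
    + [("192.0.2.30", 25, 200, 230)] * 4
    + [("192.0.2.30", 587, 200, 230)] * 3
)

def peak_concurrent_smtp(flows, port=SMTP_PORT):
    """Return {source IP: peak number of simultaneous connections to `port`}."""
    events = defaultdict(list)
    for src, dport, start, end in flows:
        if dport != port:
            continue  # 465/587 submission traffic is not counted
        events[src].append((start, +1))
        events[src].append((end, -1))
    peaks = {}
    for src, evs in events.items():
        # Sort by time; at equal timestamps process closes (-1) before opens
        # (+1) so back-to-back sessions are not counted as overlapping.
        evs.sort(key=lambda e: (e[0], e[1]))
        current = peak = 0
        for _, delta in evs:
            current += delta
            peak = max(peak, current)
        peaks[src] = peak
    return peaks

def flag_sources(flows, threshold=THRESHOLD):
    """Sources whose peak concurrent port-25 connections reach the threshold."""
    peaks = peak_concurrent_smtp(flows)
    return sorted(src for src, peak in peaks.items() if peak >= threshold)

if __name__ == "__main__":
    for src, peak in sorted(peak_concurrent_smtp(SAMPLE_FLOWS).items()):
        print(f"{src}: peak {peak} concurrent connections to port {SMTP_PORT}")
    print("flagged:", flag_sources(SAMPLE_FLOWS))
```
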