Outgoing SMTP Servers

Dave CROCKER dhc2 at dcrocker.net
Tue Oct 25 09:27:37 UTC 2011

On 10/25/2011 8:13 AM, William Herrin wrote:
> Blocking outbound TCP SYN packets on port 25 from non-servers is
> considered a BEST PRACTICE
> The SMTP submission port (TCP 587) is authenticated and should
> generally not be blocked.

    Email Submission Operations: Access and Accountability Requirements

    <http://www.ietf.org/rfc/rfc5068.txt>  IETF BCP

It does not explicitly support blocking outbound port 25, since that's 
controversial, but it /does/ require permitting outbound port 587.


> Regards,
> Bill Herrin


   Dave Crocker
   Brandenburg InternetWorking

More information about the NANOG mailing list