Outgoing SMTP Servers

Owen DeLong owen at delong.com
Tue Oct 25 15:24:09 UTC 2011

On Oct 25, 2011, at 4:15 AM, Jeroen Massar wrote:

> On 2011-10-25 12:20 , Owen DeLong wrote:
>> On Oct 25, 2011, at 3:04 AM, Jeroen Massar wrote:
>>> On 2011-10-25 11:49 , Owen DeLong wrote:
>>> [..]
>>>> With this combination, I have not encountered a hotel, airport lounge, or
>>>> other poorly run environment from which I cannot send mail through my
>>>> home server from my laptop/ipad/iphone/etc.
>>> Ever heard of this magical thing called a VPN? :)
>> Sure, but, why deal with the overhead? Who wants to have to login to a
>> VPN every time just to quickly retrieve or send some email?
> On that iToy of yours it is just a flick of a switch, presto.
On anything, a VPN is a diversion of your traffic through a tunnel with additional
overhead for encryption and encapsulation headers.

>>> Indeed, that bypasses all those crappy local networks; and yes don't
>>> worry your iToy also has more than ample VPN abilities.
>> Some do, some don't, and not all networks are any friendlier to VPNs
>> than they are to port 25.
> And the final solution then tends to be setting up a VPN on port 443...
> Which only wastes one IP address, not several for different services.
Meh, there are plenty of IP addresses. The shortage is limited to this legacy
v4 stuff. When the hotel networks and such catch up to the modern internet,
I can stop running these extra addresses on IPv4 and it won't matter.

>>> Set up once and never have to bother about special configurations or
>>> getting around stupid filters.
>> Except where you have to or where there are so many layers of NAT that
>> even VPNs don't work, or...
> Unless this 'NAT' is actually a firewall doing DPI on the packets, I
> can't see any reason why a VPN which just uses TCP over port 443 can't
> work in that situation.

You would think, but, I have seen them break. OTOH, most of my VPNs
are IPSEC, not SSL, so that's another issue. There would be significant
additional overhead in setting up an SSL VPN. Admittedly, it's one-time
overhead, but, again, I don't see a reason to bother.


More information about the NANOG mailing list