Outgoing SMTP Servers

Mike Jones mike at mikejones.in
Tue Oct 25 16:03:20 CDT 2011


On 25 October 2011 20:52, Alex Harrowell <a.harrowell at gmail.com> wrote:
> Ricky Beam <jfbeam at gmail.com> wrote:
>
>>Works perfectly even in networks where a VPN doesn't and the idiot
>>hotel
>>intercepts port 25 (not blocks, redirects to *their* server.)
>>
>>--Ricky
>
> Why do they do that?
>

My home ISP run an open relay on port 25 with IP-based authentication,
so I might configure my laptops email client to send email via
smtp.myisp.com port 25 (many/most? residential ISPs have
unauthenticated relays, even ISPs that tell you to use authentication
often have another server next to it that doesn't need authentication
for customer IP space)

If the hotel simply blocks port 25 then my email is broken, if they
allow it then my email is broken (as my ISP doesn't let the hotel
relay through their mail servers), however if the hotel redirects 25
to their own open relays then in theory my email should work fine.

They could always tell people "there is a relay at 10.0.0.25 so you
can change your settings to use that", however by redirecting all port
25 traffic there they are effectively forcibly auto-configuring anyone
who was already configured to send via an unauthenticated server on
port 25. They are probably acting under the assumption that the only
people using 25 are using it for unauthenticated access, I believe
most servers that do use authentication tell users to use alternate
ports so this is probably a reasonable assumption.

Compared to straight blocking of port 25 it's probably better as long
as the relay it is redirecting you to works properly so you don't have
to try and diagnose issues - However considering the quality of the
average hotel network I suspect most of them that are trying to do
this probably have it set to redirect to a dead server anyway.

- Mike



More information about the NANOG mailing list