Outgoing SMTP Servers

Owen DeLong owen at delong.com
Wed Oct 26 00:15:26 UTC 2011

On Oct 25, 2011, at 3:16 PM, William Herrin wrote:

> On Tue, Oct 25, 2011 at 5:56 PM, Owen DeLong <owen at delong.com> wrote:
>> Put another way, your mechanism rewards those
>> doing the wrong thing while punishing those of us
>> sending our email via encrypted and authenticated
>> mechanisms.
> Owen,
> If you're doing the "right" thing, sending email via encrypted,
> authenticated mechanisms, then you're doing it TCP ports 587 or 443.
> Where Mike's mechanism obstructs you not at all.
Depends. Some hotel admins aren't so bright. That's the problem. Not
everyone hears block outbound SMTP on port 25, they hear block outbound
SMTP and stop listening. Boom, 25, 465, 587 all get turned off.

Worse, if they redirect 25, then, it can still cause problems with many clients
because they will try 25 first assuming that if it is broken it will fail. There''s
nothing wrong with that approach IMHO. There's no reason one can't
send email over 25 just as well as 587 as long as they're authenticating
and doing it over an encrypted channel. My client generally tries in this
order: 25, 587, 465, 443, 80. If people merely break things by blocking
SMTP on one or more ports, then it works. If they do stupid pet tricks
like redirecting all connections to other addresses to their own server,
then it breaks horribly.

> If you're still doing the wrong thing, trying to talk to remote SMTP
> servers on TCP port 25, why should his mechanisms not punish you?

It's not wrong to talk to them on port 25. It's wrong to allow unauthenticated
remote users to send on your own port 25 for relay purposes.

This is the problem... I don't buy your idea of what constitutes doing
the wrong thing and neither do the developers of many email clients.


More information about the NANOG mailing list