Outgoing SMTP Servers
owen at delong.com
Wed Oct 26 13:24:23 UTC 2011
> In a perfect world we would all have as many static globally routed IP
> addresses as we want with nothing filtered, in the real world a
> residential ISP who gives their customers globally routable IPv4
> addresses for each computer (ie. a CPE that supports multiple
> computers without NAT) with no filtering at all is probably going to
> have to hire more support staff to deal with it, even before people
> from this list start null routing their IP space for being a rogue ISP
> that clearly doesn't give a damn etc :)
Agreed that we should get to the point where everyone can have thousands of static globally routed subsets as soon as possible. The technology already exists and I use it wherever it is available. I have 65,536 static globally routed subsets available in my network, though I do not currently use that many. The reason we don't all have that yet is merely delay and inaction by those who have not yet implemented current IP technologies.
> Perhaps our next try with IPv6 can be a perfect world where hosts are
> secure enough for open end to end connectivity and infected machines
> are rarely a problem? IPv6 enabled systems are more secure than a lot
> of the systems we have floating around on IPv4 networks, but I still
> think we're going to end up with port blocking becoming reasonably
> common on IPv6 as well once that starts getting widely deployed to
> residential users.
Firewalls are perfectly valid and I have no general objection to filtering packets based on the policy set by a site. What I object to is having someone I pay to move my packets tell me that they won't move some of those packets because they feel it is some form of best practice to eliminate my perfectly valid packets in order to prevent someone else from committing some form of abuse on the same protocol.
I object even more strenuously to someone who redirects my packets for their intended destination to some man in the middle attack destination of their choosing.
Redirecting someone's SMTP is a man in the middle attack. It is every bit as evil as any other form of network abuse or hijacking.