At 10:47 AM 4/14/2004, Iljitsch van Beijnum wrote:
On 14-apr-04, at 17:45, JC Dill wrote:
I understand your frustration, but the approach of blocking port 25 isn't the right one. It may be convenient for you, but ...
Dood, this *exact* argument was made ~10 years ago against closing open relays. So, do you think that everyone should just open their servers to relaying for anyone, since closing all the open relays has proven to be inconvenient for some, and not a 100% effective solution?
Hm... "If you go faster than 30 km/h in a train the air will be sucked out and everyone inside will suffocate" vs "if you fly through the stratosphere in an airplane without a closed cabin the air will be sucked out and everyone inside will suffocate". So just because the former turned out incorrect the latter is as well?
That's a bad analogy, therefore your comparison is worthless. Closing port 25 is *very* similar to closing your server to relaying. It is a way to ensure that only authorized users send email from your network.
However, filtering TCP port 25 is bad not just because it is massively inconvenient for many people (ever work in support?)
Simply put, I do not agree with your assertion here. Most people are not inconvenienced by this change. In reality, very *few* people are inconvenienced. And those people have alternate solutions. I have helped many people configure one of these solutions when they have encountered port 25 blocking. Recently, I helped a friend who was suddenly "no longer able to send work email from her laptop at home" because their home DSL connection thru her husband's employer had implemented port 25 filtering. The solution was to create a profile on her laptop that used the DSL provider's server, and for her to select that profile when sending email from home. An even simpler solution would have been to use port 587, if her own work server had offered this option (unfortunately, it doesn't). Many ISPs have successfully implemented port 25 filtering. The support costs associated with implementing this change are small in the long run, especially when compared to the reduced abuse support costs you will realize when you are no longer empowering your users to abuse port 25 on other servers. This is the same story as when you closed your open relays, and briefly had increased support costs, which were offset by the reduced abuse support costs since you no longer were subject to being used as a relay or getting complaints about the spam your servers were spewing. It's been ten years now: <http://slashdot.org/articles/04/03/05/160229.shtml> We need to stop whining that it's "hard" or "expensive" do to the right thing and close loopholes that are abused by spammers. It's much harder and more expensive long term to NOT do the right thing. jc -- p.s. Please do not cc me on replies to the list. Please reply to the list only, or to me only (as you prefer) but not to both.