Nils Ketelsen wrote:
On Thu, Feb 24, 2005 at 11:36:40PM -0500, Valdis.Kletnieks@vt.edu wrote:
Well, OK. If you know for a *fact* that your users *never* roam, and you have sufficiently good control of your IP addresses that you can always safely decide if a given connection is "inside" or "outside" and allow them to relay based on that, then no, you don't need to support 587.
The rest of us run mail services in the real world, where lots of users buy laptops, and then actually <gasp, shock> *use* the portability and thus often end up behind some other ISP's port-25 block.
I force anyone, who wants to relay to use SMTP-AUTH on port 25. Only mails for local delivery are accepted without AUTH. Whats point in opening another port?
I use this mailserver from a lot of different networks and it works fine. If a provider blocks port 25 I call them, ask them to cahnge it, if they don't I cancel my contract, because they don't do there Job (forwarding IP).
Nils
Let us know how that goes the next time you are consulting at a cable-internet customer site with your laptop......yes you will use ssh. The priority of a network service provider should be in this order 1) Keep the network up 2) Keep the network un-abusive (this is a long-term extension of 1 because an internetwork of abusive networks wont last long) 3) Forward customers packets SO if they block outbound direct-to-mx port 25 spam, I would say they are doing their job very nicely indeed.