On 30 Oct, Phil Howard wrote:
Bryan Bradsby wrote:
Block port 25 (only) from all "open modem banks" (TM) to my SMTP servers.
The question is whether a dialup user should use the SMTP server of the facility provider, or of the ISP that actually resells the account.
I think the SMTP server that should be used when dialing that national provider is the SMTP server provided by that national provider, unless some kind of VPN is used (to be more technically correct, use the SMTP server of the provider of IP addressing).
Port 25 restrictions don't solve the problem. The real solution is for everyone to start leaning on their server vendors to deliver authenticated SMTP. If you restrict relaying to only work with authenticated connections, the problem goes away for the most part.

This solves another problem: mobile users. E.g., if I'm on the road doing corporate mail, I want to connect to my corporate mail server running encrypted SMTP. I certainly don't want my mail sitting on some random ISP's mail hub.

I don't expect this to catch on in the client space in any major way until the issue is forced by the servers denying relay services to unauthenticated clients.

--lyndon