I'm curious how a traveller is supposed to get SMTP relay service when, well, travelling. I am not really sure if I want a VPN for sending a simple email.
And I can understand (although I am not convinced that doing so is such a great idea) blocking 25/tcp outgoing, as most botnets will try that method of delivery. However, I do believe that outgoing 465 SHOULD always be allowed.
regards
Carlos
[dmb] This is the exact question, why, do you NEED a SMTP Relay on ANY network. Your domain has a mail server out on the net that if you authenticate to, I am sure will relay your mail, and the reverse DNS and SPF records would match then as well. Why does the local internet provide NEED to relay though their server, regardless of the port.
On Tue, Oct 25, 2011 at 10:43 AM, Bjørn Mork <bjorn@mork.no> wrote:
Owen DeLong <owen@delong.com> writes:
It's both unacceptable in my opinion and common. There are even those misguided souls that will tell you it is best practice, though general agreement, even among them seems to be that only 25/tcp should be blocked and that 465 and 587 should not be blocked.
It is definitely considered best practice in some areas. See e.g. http://translate.google.com/translate?hl=en&u=http://ikt-norge.no/wp-c ontent/uploads/2010/10/bransjenorm-SPAM.pdf (couldn't find an english original, but the google translation looks OK)
The document is signed by all major ISPs in Norway as well as the Norwegian research and education network operator, so it must be considered a local "best practice" whether you like it or not.
Note that only port 25/tcp is blocked and that some of the ISPs offer a per-subscriber optout.
Eh, this was the Northern Aurope NOG, wasn't it?
Bjørn
-- -- ========================= Carlos M. Martinez-Cagnazzo http://www.labs.lacnic.net =========================