On 1/13/06, Todd Vierling <tv@duh.org> wrote:
> (Your new SMTP port filters put in today in the Atlanta market are a step in the right direction, but they are configured incorrectly: They block outbound connections to port 25, which is good -- but they are also blocking *inbound* connections to a local SMTP receiver, which protects nothing and simply annoys those of us who have a clue.)

What they're *trying* to do is actually quite sensible, and beats spammers trying to do asymmetric routing / source address spoofing type stuff.

I guess what they actually should do is filtering inbound connections FROM port 25 to any port.

Thread starting from http://www.merit.edu/mail.archives/nanog/2005-01/msg00127.html for example

And an example of how people get bitten without doing that ..

What Hank thought: http://www.cctec.com/maillists/nanog/current/msg03171.html
Actual issue: http://www.cctec.com/maillists/nanog/current/msg03232.html
(which is what it turned out to be .. unidirectional port 25 filtering and a customer - Nigerian spammer rather - who was sending out packets through a satellite interface but with Hank's IP as the source IP)

srs

--
Suresh Ramasubramanian (ops.lists@gmail.com)
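
The filtering choices discussed in this message, modelled as an added example that is not part of the original post or of any ISP's configuration: a stateless per-packet check at a customer-facing edge, comparing outbound-only filtering, the filter as described in the quoted complaint, and the "inbound FROM port 25" rule. The policy names, the non-25 port numbers and the sample packets are constructed for illustration.

```python
# Added illustration: stateless port-25 filter policies on a customer-facing edge.
# Policy names and sample packets are constructed; only port 25 comes from the thread.
from collections import namedtuple

# direction: "out" = customer -> Internet, "in" = Internet -> customer
Packet = namedtuple("Packet", "label direction src_port dst_port")

def unidirectional(p):
    """Outbound-only filter: drop customer packets addressed to port 25."""
    return p.direction == "out" and p.dst_port == 25

def as_complained(p):
    """Filter as described in the quoted complaint: port 25 as destination, both ways."""
    return p.dst_port == 25

def suggested(p):
    """Outbound to port 25, plus inbound FROM port 25 to any port."""
    return ((p.direction == "out" and p.dst_port == 25)
            or (p.direction == "in" and p.src_port == 25))

SAMPLE = [  # constructed packets, one per traffic pattern in the thread
    Packet("customer sends mail direct to remote MTA", "out", 40000, 25),
    Packet("remote MTA delivers to customer's SMTP receiver", "in", 51000, 25),
    Packet("customer's SMTP receiver answers", "out", 25, 51000),
    # Replies to a session whose outbound half left via another link
    # (e.g. satellite) with this customer's address as the source IP.
    Packet("remote MTA replies to spoofed-source session", "in", 25, 40001),
]

def verdicts(policy):
    """Map each sample packet's label to 'drop' or 'pass' under a policy."""
    return {p.label: "drop" if policy(p) else "pass" for p in SAMPLE}

def report():
    """Return aligned rows comparing the three policies."""
    policies = (unidirectional, as_complained, suggested)
    rows = ["%-50s %s" % ("packet", " ".join(f.__name__ for f in policies))]
    for p in SAMPLE:
        cells = " ".join(("drop" if f(p) else "pass").ljust(len(f.__name__)) for f in policies)
        rows.append("%-50s %s" % (p.label, cells))
    return rows

if __name__ == "__main__":
    print("\n".join(report()))
```

In this model only the third policy drops the replies to the spoofed-source session while leaving the local SMTP receiver reachable.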