SMTP Relays...

From: David V. Corbin <>
Date: Thu Sep 2 14:13:10 2004

>>> But they have a right to ensure that, and by forcing you to
>>> put that traffic through their server first, they at least
>>> have an opportunity to check it.
>>> If they force it and don't check, I agree that's overly
>>> restrictive. But if they're checking, more power to 'em in my book.

The key word here is FIRST. They are completely preventing me from talking
to a valid application running at


>>> ISPs are also dealing with worm- and bot-infected servers
>>> and clients on their networks spreading email-based
>>> infections or becoming remote platforms for spamming.

So block/shutdown the offenders, not the valid users!

>>> There has to be a balance.

I see NO balance here.

>>> > Blocking outbound access
>>> > provides NO benefit to ANYONE [except lazy ignorant fools!]
>>> I can't respond to this except to say that aside from the
>>> fact that this statement is inappropriately inflammatory
>>> and doesn't reflect well on your argument, it's completely baseless.

If a person is unable or unwilling to do a competent job,
they would not survive long at my firm. The comment was
perhaps inflammatory, but I still do not see how this provides any benefit
other than
Treating a symtom rather than a cause [which MAY be cheaper].

>>> > ShadowMail and MailAuthorizeIT
>>> Hmmm, I think that's a good use for a VPN (assuming that's
>>> a corporate service you're referring to). Or how about
>>> just choosing another port? Set up an MTA that will only
>>> forward to your Exchange server, and put it on port 50025.
>>> I'm not sure all MUAs allow you to configure the SMTP port,
>>> but all the ones I use do (and for the record, I mostly use
>>> Microsoft-provided MUAs).

Yes a VPN (or even SMTPS) will adress this issue. What has me really "hot
under the collar" right now is that CableVision ( did this
over the weekend with NO NOTIFICATION!

Now I have a large number of clients screaming and blaming MY company [at
least I can point them to the
Place where posted the policy AFTER the fact.

>>> In any case, I don't think I'm going to change your
>>> opinion, and you certainly will not change mine. There's
>>> been some impassioned discussion of this topic on the NANOG
>>> mail list recently as well, I think people are as divided
>>> on it as you and I are. But I think everyone can agree
>>> that between spamming and mass-mailing worms, the simple
>>> elegant utility of email is being brutally tarnished.

I am not looking to change any opinions. I simply ask where there is a
Valid technical benefit of blocking an outboust connection based solely on
the port number. If a specific IP is "doing bad things" on a port, then
block that port, Heck even block the whole IP!
Received on Thu Sep 02 2004 - 14:13:10 BST

This archive was generated by hypermail 2.3.0 : Fri Oct 10 2014 - 23:37:26 BST