SMTP Relays...

From: David V. Corbin <dvcorbin_at_optonline.net>
Date: Thu Sep 2 14:13:10 2004

<snip>
>>> But they have a right to ensure that, and by forcing you to
>>> put that traffic through their server first, they at least
>>> have an opportunity to check it.
>>> If they force it and don't check, I agree that's overly
>>> restrictive. But if they're checking, more power to 'em in my book.


The key word here is FIRST. They are completely preventing me from talking
to a valid application running at 123.123.123.123:25.

<snip>

>>> ISPs are also dealing with worm- and bot-infected servers
>>> and clients on their networks spreading email-based
>>> infections or becoming remote platforms for spamming.

So block/shutdown the offenders, not the valid users!

<snip>
 
>>> There has to be a balance.

I see NO balance here.


>>> > Blocking outbound access
>>> > provides NO benefit to ANYONE [except lazy ignorant fools!]
>>>
>>> I can't respond to this except to say that aside from the
>>> fact that this statement is inappropriately inflammatory
>>> and doesn't reflect well on your argument, it's completely baseless.

If a person is unable or unwilling to do a competent job,
they would not survive long at my firm. The comment was
perhaps inflammatory, but I still do not see how this provides any benefit
other than treating a symptom rather than a cause [which MAY be cheaper].

<snip>
>>> > ShadowMail and MailAuthorizeIT
>>>
>>> Hmmm, I think that's a good use for a VPN (assuming that's
>>> a corporate service you're referring to). Or how about
>>> just choosing another port? Set up an MTA that will only
>>> forward to your Exchange server, and put it on port 50025.
>>> I'm not sure all MUAs allow you to configure the SMTP port,
>>> but all the ones I use do (and for the record, I mostly use
>>> Microsoft-provided MUAs).

Yes, a VPN (or even SMTPS) will address this issue. What has me really "hot
under the collar" right now is that CableVision (optonline.net) did this
over the weekend with NO NOTIFICATION!

Now I have a large number of clients screaming and blaming MY company [at
least I can point them to the place where optimum.net posted the policy
AFTER the fact].

>>> In any case, I don't think I'm going to change your
>>> opinion, and you certainly will not change mine. There's
>>> been some impassioned discussion of this topic on the NANOG
>>> mail list recently as well, I think people are as divided
>>> on it as you and I are. But I think everyone can agree
>>> that between spamming and mass-mailing worms, the simple
>>> elegant utility of email is being brutally tarnished.

I am not looking to change any opinions. I simply ask where there is a
valid technical benefit of blocking an outbound connection based solely on
the port number. If a specific IP is "doing bad things" on a port, then
block that port. Heck, even block the whole IP!
Received on Thu Sep 02 2004 - 14:13:10 BST
