North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ingress SMTP

  • From: Charles Wyble
  • Date: Wed Sep 03 17:25:16 2008

*Hobbit* wrote:
What I'm trying to get a feel for is this: what proportion of edge
customers have a genuine NEED to send direct SMTP traffic to TCP 25
at arbitrary destinations?

Probably very few.

The big providers -- comcast, verizon, RR, charter, bellsouth, etc --
seem to be some of the most significant sources of spam and malware
attempts, mostly from compromised end-user machines, and it seems
that simply denying *INGRESS* of TCP 25 traffic except to the given
ISP's outbound relay servers would cut an awful lot of it off at the
pass.


I have SBC / AT&T / Yahoo DSL in Southern California and they block outbound 25 to anything but Yahoo SMTP server farm, and they only allow SSL
connectivity at that. I'm all for that personally.


It was a minor effort to setup my [email protected] address to be allowed out (had to fill out a webform and click a verify link).

Since most people use the address given to them by the provider and most likely use webmail this certainly won't affect them.

To top it all off I can fill out another web form and specifically request unblocking of ports and relay out mail server wherever I want.

So SBC has a policy of

deny SMTP relaying by default,
provide clear instructions to allow outbound relay via approved server farm
if you don't want to be blocked request unblocking via a self service web form.


Seems perfectly acceptable to me.

Thoughts?


-- Charles Wyble (818) 280 - 7059 http://charlesnw.blogspot.com CTO Known Element Enterprises / SoCal WiFI project