NormanSPremium,MVM
join:2001-02-14
San Jose, CA
kudos:4 Reviews:
 ·SONIC.NET
·Pacific Bell - SBC
| reply to tschmidt
Re: Boo said by tschmidt:said by NormanS:Outbound port 25 access allows a Verizon subscriber to access port 25 on a remote host. It has been common practice for residential ISPs to block inbound Port 25 for years for exactly that reason. Blocking inbound port 25 has no effect on compromised computers' access gateway (MX) mail servers. You could block inbound port 25 to every Verizon customer, leave outbound port 25 unblocked, and compromise Verizon customer computers would be able to make connections to my gateway mail server unimpeded (unless the source IP address was in a blocking list, and my server queried same).
FWIW, neither AT&T (in the legacy SBC regions), nor Comcast block inbound port 25 by default. Comcast only blocks port 25 on evidence of abuse from their customer; that is a bidirectional block when implemented. AT&T (legacy SBC regions only) just blocks outbound port 25; though their block is bidirectional for AT&T Worldnet DSL and AT&T Southeast (legacy Bellsouth) customers.
said by NormanS: that end user message submission should be done over port 587. I read it over last night after I posted. I'll have to contact my hosting service to see what they support. I'm in New England, Verizon sold assets to FairPoint but I have to assume they will adopt similar policy at some point. I'm in favor of steps that reduce spam but some ISPs have adopted rather silly an ineffective anti-spam measures that make life difficult.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
