I don't mean to "me too" without reason here... I think I can explain the logic (we do this on our networks - both company, managed and ISP / ADSL services):
If I let people on my net go to 25 on other servers, they can attack their servers, search for open relays, and viruses that infect them are free to make connections out to other services and will spread more quickly. I'd suggest everyone should transparently capture port 25 wherever they can (a transparent proxy has the benefit of either redirecting the users to your server which will at least return an error message for their client to display, or selectively allowing relaying). There are network security and reliability issues in letting 25 through - 587 doesn't have the same issues though due to the authentication requirement, and honestly I've NEVER seen a virus try to use it for this reason I guess. Currently the ISP's (and from my experience the hotel's ISP's - the hotels themselves often do not have IT staff to manage a firewall!) have real reasons to do such blocking - there are numerous ways around it for anyone who runs their own server with their own roaming users though, so I don't see the problem lasting forever - once there are alternatives, consumer pressure will force the ISP neophytes into the modern world ;-) m/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sam Varshavchik Sent: Wednesday, January 07, 2004 3:32 PM To: [EMAIL PROTECTED] Subject: [courier-users] Re: freemail list and questions about yahoo... Julian Mehnle writes: > Roger B.A. Klorese [EMAIL PROTECTED] wrote: >> Sam Varshavchik wrote: >> > Yes, they can. SMTP's twin sister, the mail submission protocol, uses >> > port 587, which will be unaffected by Earthlink's stupid firewall. >> >> Perhaps. But why assume it won't be blocked? I'd expect them to block >> it in a New York minute. > > Well, well. Some Internet Service Providers or Internet Access Providers > (e.g. Earthlink or some hotels) provide crippled Internet access by > blocking random IP ports. So what? It's not random. Certainly there are a lot of them out there, but I'm not aware of a single one that blocks port 587. In fact, I don't know anyone who's blocking anything other than port 25 on egress, except for selected cable companies that block well-known peer-to-peer ports. ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
