On Mon, 23 May 2011, Paul Wise wrote: > On Mon, May 23, 2011 at 7:47 AM, Goswin von Brederlow <goswin-...@web.de> > wrote: > > The only advantage of this would be for systems that firewall outgoing > > mail conections but allow http or have a http proxy but no smarthost. > > There are a *lot* of ISPs that do this. My ISP does this so I have to > send mail via SSH tunnel or webmail.
It is now a best-standard-practice for ISPs to block port 25 traffic across home-user access network borders. It is being done on purpose to leverage packet-filtering hardware and the distributed architecture characteristics of access/border network filtering (which is already there). Its objectives are: reduce the overhead on MTAs everywhere due to spambot connections, and reduce the number of botnet-caused incident complaints. Users are now supposed to use ESMTPSA over port 587 to submit email (that would be ESMTP with TLS+SMTP AUTH) to any email provider (including his own ISP). Port 25 is now reserved for static MTA-MTA (i.e. MX) traffic. >From our (Debian) PoV, whether one agrees with port-25 blocking policy or not doesn't matter. It is already deployed to several million users worldwide (which likely means at least several thousand Debian users), many of which will not configure their local MTAs to forward email, and instead just configure their MUAs. We have to deal with it somehow. Anyway, on this new port 587 world, to have reportbug reliably submit BTS email on unconfigured local networks, it would have to use ESMTPS (or deep-inspection firewalls will kill the tcp session off) over port 587. And the receiving gateway would have to localy validate that the destination are acceptable addresses (@bugs.debian.org), and also validate the sending domain (to reduce spam and guarantee a return path for further bug processing), etc. Whether it is easier to do that or instead switch to a https application gateway, I don't know. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110523110124.ga10...@khazad-dum.debian.net