-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Starting a new thread for this. Picking up where we left off:
Nick Wiltshire wrote: > On Wednesday 22 March 2006 11:22 am, Gustin Johnson wrote: >> Nick Wiltshire wrote: > Wow, this thread got severely hijacked :P > >>> Shaw is brain dead. Close port 25 for non business customers, problem >>> solved. >> This is the wrong way to go as it does not solve a problem, in fact it >> causes more. I use shaw as my ISP, but I _expect_ to be able to make an >> SMTP connection to anyone I like. I use TLS + SMTP auth on my own >> server and I would be very upset to be forced to use Shaw's SMTP >> servers. > > ...It is more upsetting as a SOHO customer who is paying more to have the > entire network block blacklisted so now I can use port 25, but it's > worthless. I can't email my sister in the States because her ISP has shaw > blocked. > >> SSL/TLS secured services are a good thing, especially for >> remote/road warrior users where a VPN is simply overkill. Blocking >> outbound SMTP connections prevents this. >> > > That's why you leave it open for business customers - or even be willing to > open it up upon request. SPAM is a reality, bots are a reality, blacklists > are a reality. Ignoring them is not a good policy. Blocking outbound port 25 > sucks, but what is the alternative? Lots of users connect from home. Asking them to purchase a business class connection to merely check email from home is an unreasonable burden. While I agree that SPAM and bots suck, we should be careful that our cure is not worse than the disease. There is no single alternative. Instead a combination of SPF along with well managed and properly implemented RBLs (not SPEWs IMO). Also, I try not to use Shaw for business connections anymore. It generally is not worth it. These days you can lease servers cheaper than the Shaw or Telus "business" connections. The leased boxes generally have more bandwidth as well. > >> Closing port 25 inbound to the end user does not really solve anything. >> It is the outgoing traffic that carries SPAM. > > No arguement here. Though it does stop "home" users from running a mail > server. > All that blocking inbound port 25 traffic does is break Jesse's email :) It also prevents home users from putting up wide open SMTP relays, but the majority of SPAM comes from infected PCs anyway. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEIcmywRXgH3rKGfMRAkhJAJ0T4wI/7DXm14IVrg6Q+jr0bIPK1gCfa3c9 D37l8D7YWA1jCK46ZOwbdRI= =UXuK -----END PGP SIGNATURE----- _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
