On Wednesday 22 March 2006 3:03 pm, Gustin Johnson wrote:
> Starting a new thread for this. Picking up where we left off:
>
> Nick Wiltshire wrote:
> > On Wednesday 22 March 2006 11:22 am, Gustin Johnson wrote:
> >> Nick Wiltshire wrote:
> >
> > Wow, this thread got severely hijacked :P
> >
> >>> Shaw is brain dead. Close port 25 for non business customers, problem
> >>> solved.
> >>
> >> This is the wrong way to go as it does not solve a problem, in fact it
> >> causes more. I use shaw as my ISP, but I _expect_ to be able to make an
> >> SMTP connection to anyone I like. I use TLS + SMTP auth on my own
> >> server and I would be very upset to be forced to use Shaw's SMTP
> >> servers.
> >
> > ...It is more upsetting as a SOHO customer who is paying more to have the
> > entire network block blacklisted so now I can use port 25, but it's
> > worthless. I can't email my sister in the States because her ISP has shaw
> > blocked.
> >
> >> SSL/TLS secured services are a good thing, especially for
> >> remote/road warrior users where a VPN is simply overkill. Blocking
> >> outbound SMTP connections prevents this.
> >
> > That's why you leave it open for business customers - or even be willing
> > to open it up upon request. SPAM is a reality, bots are a reality,
> > blacklists are a reality. Ignoring them is not a good policy. Blocking
> > outbound port 25 sucks, but what is the alternative?
>
> Lots of users connect from home. Asking them to purchase a business
> class connection to merely check email from home is an unreasonable
> burden. While I agree that SPAM and bots suck, we should be careful
> that our cure is not worse than the disease.
>
It's not - as I suggested, the port could be opened per-client on a request basis at no charge. Those that need it could have it. And, unless you're using POP-before-SMTP, you don't need port 25 to check mail.

> There is no single alternative. Instead a combination of SPF along with
> well managed and properly implemented RBLs (not SPEWs IMO).
>

This is the cure that's worse than the disease IMO. It's what we are trying to do already. The key to your sentence is "properly implemented". We can't even get people to stop having wide open mail relays or DNS recursion. It will _never ever_ be properly implemented everywhere. If a company as big as MS starts filtering you, you've likely done something stupid.

SPF is a good idea, but doesn't have wide enough usage. Plus it can filter out legit mail. I'm no expert on this though...

This is the 3rd time in under a year I've heard of Shaw getting blacklisted by 3 separate entities. I'm not one to point a finger but *points his finger at shaw*

We need to turn off grandma's SPAM-chucker. Those that know what they want could go to shaw.ca, log in, check off a box, and go on with life.

> Also, I try not to use Shaw for business connections anymore. It
> generally is not worth it. These days you can lease servers cheaper
> than the Shaw or Telus "business" connections. The leased boxes
> generally have more bandwidth as well.
>

That depends on what you need the connection for, I guess.

> >> Closing port 25 inbound to the end user does not really solve anything.
> >> It is the outgoing traffic that carries SPAM.
> >
> > No argument here. Though it does stop "home" users from running a mail
> > server.
>
> All that blocking inbound port 25 traffic does is break Jesse's email :)
> It also prevents home users from putting up wide open SMTP relays, but
> the majority of SPAM comes from infected PCs anyway.
_______________________________________________
clug-talk mailing list
[email protected]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying

