Reliability is a different issue than being asked to use a server.  One 
that should be complained about if it isn't stellar.  Having said that, 
this does not affect Business Class services, so if you're running your 
own Mail, NNTP, HTTP, DNS, etc, perhaps you aren't really choosing 
what's best for yourself anyway.

If you care about TLS, and encryption, you likely aren't affected, 
because you won't be using port 25 anyway.  You'll be using secure SMTP, 
or connecting via VPN, or whatever else.

Port 587 does not accept (or shouldn't accept) unauthenticated email.  
So that will never be an issue unless the spammers also have your UID 
and PWD.  That would mean you have bigger issues.

All you want is a connection?  Wow, same with me.  I want a 110 
connection for my PC, but I want a 220 for my Oven.  Connection is 
pretty vague.  What I think you mean is you want unrestricted bandwidth, 
and the service level of a corporate account, and you want it at the 
cost of residential service.

30 years ago, people thought out what they needed.  Unix is a perfect 
example.  Now, people want flash in the pan, and they get Aero, which 
looks cool, but is more or less useless.  Yes, KDE/Gnome are good 
compromises, but the truth is, a headless Unix box is still very hard to 
beat.

Blocking port 25 outbound does LOTS to prevent the problem.  It stops 
newbies/seniors/kids/etc from sending "mail" from their "user friendly" 
Windows 98 boxes.  It encourages people to think about security of email 
in a broader sense, which this conversation is doing...  It helps 
eliminate spam, and ultimately allows me more bandwidth for P2P traffic. 
 :)

Filtering 445 is a different issue, and much like email, this is a 
problem that has already been foreseen.  You can very easily change the 
port that you administrate your IPCop box from.  Better yet, you can 
close it to outside connections entirely, and establish a VPN for 
administration.

This becomes a complicated issue when Shaw says "Stephane Dion has 
mandated that all email passing through these servers will be monitored 
and tracked."  For those of you interested in that line of thinking, go 
here.   http://en.wikipedia.org/wiki/ECHELON

Kev.





-----Original Message-----
From: Gustin Johnson [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 19, 2007 2:26 PM
To: CLUG General
Subject: Re: [clug-talk] Did shaw shut down external ports?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kevin Anderson wrote:
> It's just not an issue.  Use Shaw's server as a smarthost, and all's 
> fine.  You aren't filtered, you aren't limited.  This is irrelevant.  It

It is relevant since their mail service is less than stellar in my 
experience.  I do not use their services since I either provide them 
myself or have acquired them from a 3rd party (DNS, mail, NNTP, web 
hosting are examples of services I get elsewhere).

> means there's one extra hop in the path your email takes getting to 
> its destination.  That's out of your control after it leaves your 
> server

Actually it also breaks TLS encryption which allows for secure 
authentication and transmission.  This is important, though it does not 
garner the attention it deserves.  Since PGP/gpg is not supported by a 
wide enough range of email clients TLS at least provides some measure of 
protection.

Even though I have provided a work around (the ports 587 and 465) for my 
clients, how long until the spammers begin to use these ports as well?
At best this policy of Shaw's provides short term respite while doing 
nothing to combat the actual problem.  I would rather they spend our 
money more effectively.

> anyway, so what's the difference.  In the old days, prior to High 
> Speed Internet and always on connections, this was the norm.  This is 
> EXACTLY how email was designed to be used.  That's why sendmail uses a 
> smarthost.

Email was designed 30+ years ago.  This is EXACTLY why we have the 
problems we do today.  The system was simply not designed for the 
environment that it is in.  Simply blocking an outbound port does little 
to rectify the actual problem.  If anything it gives a false sense of 
security which leaves us worse off than before.

> Any issue you have with a blog breaking because of this is, as far as 
> I'm concerned, a misconfiguration of the blog.

I am less likely to make such a blanket statement about software I have 
never seen.  I can think of legitimate reasons for blog software to 
behave this way.  Especially if it supports TLS/SSL and Auth, which btw, 
Shaw does not.

> This is like saying you're mad that you need to assign a default 
> gateway to your server.  It accomplishes the same thing, and provides 
> the same restrictions.  It should be there.  It'll work without one 
> under the right circumstances (proxy servers, etc), but you should use 
> one.  Mail is the same thing.  Did you need it?  No.  As a residential 
> user, should you be using it?  Yes.

All I need/want is a connection.  I do not require from Shaw *any* 
services other than IP routing.  Preventing us from acquiring services 
(DNS, Mail, web space etc.) from 3rd parties is not a good thing, even 
if we are "residential" customers.

This current problem is not all that severe as it is trivial to work 
around.  I worry more about the future, what comes next?  This is not
the kind of precedent that we want set.  Will they filter port 445 as
my portable Rogers connection does, for our protection (this is normally 
used by Windows/CIFS file sharing, but is also the default management 
port for IPCOP)?  Where will they draw the line?

This is a complicated issue, and I am glad that we are discussing it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGeDvRwRXgH3rKGfMRApeiAJ4sWLliect/2M/Mo6D4zfuq/Y1r5QCfcUUo
KNJJ+qNfgb9nVlZMJKEBRoQ=
=CxtR
-----END PGP SIGNATURE-----

_______________________________________________
clug-talk mailing list
[email protected]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying