On Oct 23, 2007, at 1:28 AM, Adrian Chadd wrote:
On Tue, Oct 23, 2007, Dave Pooser wrote:
It seems to me that blocking port 25 by default and unblocking on
request
would be an ideal low-maintenance solution that would reduce spam
considerably, and has the added benefit of being on-topic for NANOG.
For those of you who run Cisco kit; you can also use WCCPv2 to
redirect 25/TCP -in hardware path without policy routing- to a farm of
servers. Its actually documented in the WCCPv2 specification - you can
redirect arbitrary TCP/UDP ports. Think of the possibilities.
(I don't think the CRS does WCCP :P but it'll be in hardware path on
6500/7600 on anything >= SUP2/PFC2; 3560/3750/4500/4948; It'll also be
in CEF path IIRC on software platforms.)
This behavior is exactly the kind of irritating misguided action
which launched
my initial complaint.
The problem is that your server farm won't match my expectations for
STARTTLS,
which then prevents me from engaging SMTPAUTH and sending my mail.
My mail severs aren't open relays, but, I am able to send email
through them from
any non-broken internet connection.
The issue is the increasingly high percentage of internet connections
which are
becoming broken. So far, the only "justification" for this behavior
posted is the
inability of the folks in Redmond to deliver non-broken software such
that a large
enough fraction of portable machines are able to "credential hijack"
from stored
credentials on the machine and impersonate the operator while botted.
I really wish we could find a way to punish the folks in Redmond and
the people
whose hosts are botted instead of punishing everyone else for their
errors.
Owen
