Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-11 Thread Jimmy Hess
On 9/6/12, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote: Owen DeLong wrote: You're demanding an awful lot of changes to the entire internet to All that is necessary is local changes on end systems of those who want the end to end transparency. Achieving end to end, and breaking

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-11 Thread Eliot Lear
On 9/6/12 8:27 PM, Owen DeLong wrote: Despite my scepticism of the overall project, I find the above claim a little hard to accept. RFC 2052, which defined SRV in an experiment, came out in 1996. SRV was moved to the standards track in 2000. I've never heard an argument why it won't work,

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-11 Thread Owen DeLong
Well, this depends on who you think you is. The browser gang regularly touches many MANY (but not all) clients. Not everything on the internet is accessed using a browser. Is adding SRV to browsers a good thing? Yes. Is end-to-end transparent addressing a good thing? Yes. Does one have

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-11 Thread Masataka Ohta
Eliot Lear wrote: On 9/6/12 8:27 PM, Owen DeLong wrote: If you're going to touch every client, it's easier to just do IPv6. Well, this depends on who you think you is. The browser gang regularly touches many MANY (but not all) clients. Though I merely stated: The easiest part of

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-11 Thread valdis . kletnieks
On Tue, 11 Sep 2012 05:51:53 +0900, Masataka Ohta said: Anything written in RFC1796 should be ignored, because RFC1796, an informational, not standards-track, RFC, states so. On the other hand, if you're relying on the fact that 1796 is informational in order to ignore it, then you're following

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-11 Thread Masataka Ohta
(2012/09/11 20:52), valdis.kletni...@vt.edu wrote: On Tue, 11 Sep 2012 05:51:53 +0900, Masataka Ohta said: Anything written in RFC1796 should be ignored, because RFC1796, an informational, not standards-track, RFC, states so. On the other hand, if you're relying on the fact that 1796 is

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-11 Thread Jimmy Hess
On 9/11/12, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote: (2012/09/11 20:52), valdis.kletni...@vt.edu wrote: On Tue, 11 Sep 2012 05:51:53 +0900, Masataka Ohta said: No, I don't. It's Jimmy, Eliot and you who are relying on a non-standards-track RFC to deny RFC3102 and all the non

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-10 Thread Nick Hilliard
On 09/09/2012 23:24, Masataka Ohta wrote: Oliver wrote: Just because something is documented in RFC does not automatically make it a standard, nor does it necessarily make anyone care. That's not a valid argument against text in the RFC proofread by the RFC editor as the evidence of

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-10 Thread Masataka Ohta
Nick Hilliard wrote: Just because something is documented in RFC does not automatically make it a standard, nor does it necessarily make anyone care. That's not a valid argument against text in the RFC proofread by the RFC editor as the evidence of established terminology of the Internet

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-10 Thread William Herrin
On Sun, Sep 9, 2012 at 6:24 PM, Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote: Oliver wrote: You're basically redefining the term end-to-end transparency to suit your own Already in RFC3102, which restricts port number ranges, it is stated that: This document examines the general

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-10 Thread Masataka Ohta
William Herrin wrote: In case Nick's comment wasn't obvious enough: Anything written in RFC1796 should be ignored, because RFC1796, an informational, not standards-track, RFC, states so. It's so obvious. RFC 1796: It is a regrettably well spread misconception that publication as an RFC

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-09 Thread Masataka Ohta
Oliver wrote: You're basically redefining the term end-to-end transparency to suit your own Already in RFC3102, which restricts port number ranges, it is stated that: This document examines the general framework of Realm Specific IP (RSIP). RSIP is intended as a alternative to NAT

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-08 Thread Rich Kulawiec
On Wed, Sep 05, 2012 at 02:15:07PM -0700, Joe St Sauver wrote: 2) The Spamhaus CBL tracks the level of bot spam currently seen, including breaking out statistics by a number of factors. 3) Currently, the US, where port 25 filtering is routinely deployed by most large ISPs, is ranked 158th

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-07 Thread Mark Andrews
In message 108454.1346989...@turing-police.cc.vt.edu, valdis.kletni...@vt.edu writes: On Fri, 07 Sep 2012 08:30:12 +1000, Mark Andrews said: In message 85250.1346959...@turing-police.cc.vt.edu,

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-07 Thread Masataka Ohta
Oliver wrote: All that is necessary is local changes on end systems of those who want the end to end transparency. There are no changes on the Internet. You're basically redefining the term end-to-end transparency to suit your own Already in RFC3102, which restricts port number ranges, it is

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-07 Thread Masataka Ohta
Andrew Sullivan wrote: the DNS and won't discover anything about the DNS that can't be had via getaddrinfo() until long after it's too late redefine the protocol in terms of seeking SRV records. Oh, sure, I get that. One of the problems I've had with the end to end NAT argument is exactly

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-07 Thread Owen DeLong
On Sep 6, 2012, at 22:31 , Sean Harlow s...@seanharlow.info wrote: On Sep 6, 2012, at 23:44, valdis.kletni...@vt.edu wrote: However, Joe Sixpack doesn't really have that option. And unless you figure out a scalable and universal way for Joe Sixpack's Xbox or PS3 or whatever to request

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-07 Thread Owen DeLong
This has been experimental with no forward progress since 2001. Any sane person would conclude that the experiment failed to garner any meaningful support. Is there any continuing active work on this experiment? Any running code? Didn't think so. Owen On Sep 6, 2012, at 23:23 , Masataka Ohta

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-07 Thread Masataka Ohta
Sean Harlow wrote: None of these options are impacted by being behind a NAT as long as they have the ability to open a port via UPnP or equivalent, so if in an ideal world all client software understood SRV records this particular negative of NAT would be of minimal impact. My point is that

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-07 Thread Masataka Ohta
Owen DeLong wrote: Then why is IPv6 deployment happening faster in the internet core than at the edge? The real world seems to defy your claims. Which world are you talking about? Martian? This has been experimental with no forward progress since 2001. Obviously because it is a new

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-07 Thread valdis . kletnieks
On Fri, 07 Sep 2012 16:01:10 +1000, Mark Andrews said: There is NOTHING stopping Sony adding code to the PS3 to perform dynamic updates to add the records. We have a well established protocol to do this securely. 100's of millions of records get updated daily using this protocol in the

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-07 Thread Oliver
On Friday 07 September 2012 15:23:30 Masataka Ohta wrote: Oliver wrote: All that is necessary is local changes on end systems of those who want the end to end transparency. There are no changes on the Internet. You're basically redefining the term end-to-end transparency to suit your

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-07 Thread TJ
On Tue, Sep 4, 2012 at 3:45 PM, William Herrin b...@herrin.us wrote: On Tue, Sep 4, 2012 at 2:22 PM, Jay Ashworth j...@baylink.com wrote: It is regularly alleged, on this mailing list, that NAT is bad *because it violates the end-to-end principle of the Internet*, where each host is a

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-06 Thread Måns Nilsson
Subject: Re: The End-To-End Internet (was Re: Blocking MX query) Date: Wed, Sep 05, 2012 at 06:56:36PM -0400 Quoting William Herrin (b...@herrin.us): Thing is, spam levels *are* down a good 20% in the last couple years, that being about the time ISPs began doing this. More, 20% *is* in rough

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-06 Thread John Levine
My idealistic preference would be the ISP allows outbound port 25, but are highly responsive to abuse complaints; My idealistic preference is that ISPs not let their botted customers fill everyone's inbox with garbage. Why do you think that blocking port 25 precludes logging what they block,

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-06 Thread Oliver
On Thursday 06 September 2012 14:01:50 Masataka Ohta wrote: All that is necessary is local changes on end systems of those who want the end to end transparency. There are no changes on the Internet. You're basically redefining the term end-to-end transparency to suit your own agenda. Globally

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-06 Thread Andrew Sullivan
On Wed, Sep 05, 2012 at 09:39:44PM -0700, Owen DeLong wrote: Never mind the fact that all the hosts trying to reach you have no way to know what port to use. Despite my scepticism of the overall project, I find the above claim a little hard to accept. RFC 2052, which defined SRV in an
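The message above puts the "how do peers learn the port" question on SRV records. As an added example that is not part of the thread, the following is the client side of RFC 2782: order an SRV RRset by priority, select among equal-priority targets by weight, and fall back to the bare name on the well-known port when there is no SRV RRset at all (which is all a getaddrinfo()-only client ever does). The RRset, the `_sip._tcp.example.com` name and the hostnames are constructed for illustration; the `rng` hook exists so the weighted draw can be made deterministic in a test.

```python
"""RFC 2782 SRV selection on the client side (added example, not from the thread).

Records and names below are constructed; _sip._tcp.example.com is hypothetical.
"""
import random
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


def parse_srv_rdata(text: str) -> SRV:
    """Parse presentation-format SRV RDATA: 'priority weight port target'."""
    prio, weight, port, target = text.split()
    return SRV(int(prio), int(weight), int(port), target.rstrip("."))


def order_srv(records: List[SRV], rng: Optional[Callable[[int], int]] = None) -> List[SRV]:
    """Return the records in the order a client should try them (RFC 2782 usage rules).

    Lower priority values go first.  Within one priority the next target is chosen
    by weight: weight-0 records are placed at the front, a random number r in
    [0, sum(weights)] is drawn, and the first record whose running weight sum
    reaches r is taken.  `rng(total)` must return an int in [0, total]; the
    default is uniform, and a test can pass a deterministic function instead.
    """
    draw = rng if rng is not None else (lambda total: random.randint(0, total))
    ordered: List[SRV] = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        pool.sort(key=lambda r: r.weight != 0)  # stable sort: weight-0 entries first
        while pool:
            total = sum(r.weight for r in pool)
            r = draw(total)
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= r:
                    ordered.append(pool.pop(i))
                    break
    return ordered


def service_endpoints(name: str, srv_rrset: List[SRV], default_port: int,
                      rng: Optional[Callable[[int], int]] = None) -> List[Tuple[str, int]]:
    """(host, port) pairs to try, in order.

    No SRV RRset: fall back to the name itself on the well-known port, which is
    what a getaddrinfo()-only client does.  A single record whose target is '.'
    (parsed here as '') means the service is explicitly not offered at this name.
    """
    if not srv_rrset:
        return [(name, default_port)]
    if len(srv_rrset) == 1 and srv_rrset[0].target == "":
        return []
    return [(r.target, r.port) for r in order_srv(srv_rrset, rng)]


# Constructed RRset for _sip._tcp.example.com: two weighted primaries, a weight-0
# spare at the same priority, and a lower-preference backup on an unprivileged
# port, the kind of port a host behind a NAT might have been handed by UPnP.
SAMPLE_RRSET = [parse_srv_rdata(s) for s in (
    "10 60 5060 big.example.com.",
    "10 20 5060 small.example.com.",
    "10 0 5060 spare.example.com.",
    "20 0 15060 backup.example.com.",
)]

if __name__ == "__main__":
    for host, port in service_endpoints("sip.example.com", SAMPLE_RRSET, 5060):
        print(f"try {host}:{port}")
```

With the uniform default, big.example.com is tried first roughly three times out of four, spare.example.com only when the draw lands on 0, and backup.example.com always last; the `rng` argument pins the draw so the ordering can be checked exactly.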

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-06 Thread William Herrin
On Thu, Sep 6, 2012 at 11:14 AM, Andrew Sullivan asulli...@dyn.com wrote: RFC 2052, which defined SRV in an experiment, came out in 1996. SRV was moved to the standards track in 2000. I've never heard an argument why it won't work, and we know that SRV records are sometimes in use. Why

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-06 Thread Andrew Sullivan
On Thu, Sep 06, 2012 at 01:49:06PM -0400, William Herrin wrote: the DNS and won't discover anything about the DNS that can't be had via getaddrinfo() until long after it's too late redefine the protocol in terms of seeking SRV records. Oh, sure, I get that. One of the problems I've had with

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-06 Thread Owen DeLong
On Sep 6, 2012, at 08:14 , Andrew Sullivan asulli...@dyn.com wrote: On Wed, Sep 05, 2012 at 09:39:44PM -0700, Owen DeLong wrote: Never mind the fact that all the hosts trying to reach you have no way to know what port to use. Despite my scepticism of the overall project, I find the above

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-06 Thread valdis . kletnieks
On Thu, 06 Sep 2012 11:14:58 -0400, Andrew Sullivan said: Despite my scepticism of the overall project, I find the above claim a little hard to accept. RFC 2052, which defined SRV in an experiment, came out in 1996. SRV was moved to the standards track in 2000. I've never heard an argument

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-06 Thread Fred Baker (fred)
It would be really nice if people making statements about the end to end principle would talk about the end to end principle. http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf The abstract of the paper states the principle: This paper presents a design principle that helps

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-06 Thread Mark Andrews
In message 85250.1346959...@turing-police.cc.vt.edu, valdis.kletni...@vt.edu writes: On Thu, 06 Sep 2012 11:14:58 -0400, Andrew Sullivan said: Despite my scepticism of the overall project, I find the above claim a

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-06 Thread valdis . kletnieks
On Fri, 07 Sep 2012 08:30:12 +1000, Mark Andrews said: In message 85250.1346959...@turing-police.cc.vt.edu, valdis.kletni...@vt.edu writes: My PS3 may want to talk to the world, but I have no control over Comcast's DNS. What point are you trying to make? Comcast's servers support SRV as

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Daniel Taylor
On 09/04/2012 03:52 PM, Michael Thomas wrote: On 09/04/2012 09:34 AM, Daniel Taylor wrote: If you are sending direct SMTP on behalf of your domain from essentially random locations, how are we supposed to pick you out from spammers that do the same? Use DKIM. You say that like it's a

Re: Blocking MX query

2012-09-05 Thread David Barak
On Sep 4, 2012, at 11:45 PM, Suresh Ramasubramanian ops.li...@gmail.com wrote: So - now with ipv6 you're going to see hi, my toto highly computerized toilet is trying to make outbound port 25 connections to gmail

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Henry Stryker
On 09/05/12 05:56 , Daniel Taylor wrote: Use DKIM. You say that like it's a lower bar than setting up a fixed SMTP server and using that. Besides, doesn't DKIM break on mailing lists? Not only that, but a majority of spam I receive lately has a valid DKIM signature. They are adaptive, like

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Izaac
On Wed, Sep 05, 2012 at 07:50:12AM -0700, Henry Stryker wrote: Not only that, but a majority of spam I receive lately has a valid DKIM signature. They are adaptive, like cockroaches. This is why tcp port 25 filtering is totally effective and will remain so forever. Definitely worth breaking

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Michael Thomas
On 09/05/2012 05:56 AM, Daniel Taylor wrote: On 09/04/2012 03:52 PM, Michael Thomas wrote: On 09/04/2012 09:34 AM, Daniel Taylor wrote: If you are sending direct SMTP on behalf of your domain from essentially random locations, how are we supposed to pick you out from spammers that do the

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Greg Ihnen
On Wed, Sep 5, 2012 at 11:11 AM, Izaac iz...@setec.org wrote: On Wed, Sep 05, 2012 at 07:50:12AM -0700, Henry Stryker wrote: Not only that, but a majority of spam I receive lately has a valid DKIM signature. They are adaptive, like cockroaches. This is why tcp port 25 filtering is totally

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Sean Harlow
On Sep 5, 2012, at 11:11, Izaac wrote: This is why tcp port 25 filtering is totally effective and will remain so forever. Definitely worth breaking basic function principles of a global communications network over which trillions of dollars of commerce occur. Two things to note: 1.

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Sean Harlow
On Sep 5, 2012, at 11:46, Greg Ihnen wrote: But as someone pointed out further back on this thread people who want to have their mail servers available to people who are on the other side of port 25 filtering just use the alternate ports. So then what does filtering port 25 accomplish? The

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Michael Thomas
On 09/05/2012 07:50 AM, Henry Stryker wrote: Not only that, but a majority of spam I receive lately has a valid DKIM signature. They are adaptive, like cockroaches. The I part of DKIM is Identified. That's all it promises. It's a feature, not a bug, that spammers use it. Mike
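Added example, not from the thread: what a DKIM-Signature header actually identifies. The code parses the RFC 6376 tag=value list, applies the structural checks a verifier performs before it fetches any key (version, required tags, From among the signed headers, the `i=` agent identity lying within `d=`), and returns the signing domain (`d=`, the SDID) that a receiver keys reputation on, plus the DNS name of the key record. It does not verify the signature itself, which needs the public key and header canonicalization. The header value and the example.com domain are constructed.

```python
"""What a DKIM-Signature header identifies (added example, not from the thread).

Parses the tag=value list of RFC 6376 and applies the structural checks a
verifier makes before it fetches the public key.  It does not verify the
signature.  The header below is constructed; example.com is a placeholder.
"""
import re
from typing import Dict

REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")


def parse_dkim_tags(header_value: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' into a dict, dropping folding whitespace.

    RFC 6376 sec. 3.2: tags are separated by ';', a trailing ';' is allowed,
    and a duplicated tag makes the whole header invalid.
    """
    tags: Dict[str, str] = {}
    for field in header_value.split(";"):
        if not field.strip():
            continue
        if "=" not in field:
            raise ValueError(f"malformed tag: {field.strip()!r}")
        name, value = field.split("=", 1)
        name = name.strip()
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = re.sub(r"\s+", "", value)
    return tags


def signing_identity(header_value: str) -> Dict[str, str]:
    """Return the identity a well-formed signature asserts, or raise ValueError.

    Checks drawn from RFC 6376 sec. 6.1.1: v=1, required tags present, From
    among the signed headers, and the i= agent identity (if given) within d=.
    """
    tags = parse_dkim_tags(header_value)
    missing = [t for t in REQUIRED_TAGS if t not in tags]
    if missing:
        raise ValueError(f"missing required tags: {missing}")
    if tags["v"] != "1":
        raise ValueError(f"unsupported version {tags['v']!r}")
    signed_headers = [h.lower() for h in tags["h"].split(":")]
    if "from" not in signed_headers:
        raise ValueError("From header not covered by the signature")
    sdid = tags["d"].lower()
    auid = tags.get("i", "@" + sdid)
    if "@" not in auid:
        raise ValueError("i= must contain '@'")
    auid_domain = auid.rsplit("@", 1)[1].lower()
    if auid_domain != sdid and not auid_domain.endswith("." + sdid):
        raise ValueError(f"i= domain {auid_domain} is not within d= {sdid}")
    return {
        "sdid": sdid,                                     # domain taking responsibility
        "auid": auid,                                     # agent identity, defaults to @sdid
        "selector": tags["s"],
        "key_record": f"{tags['s']}._domainkey.{sdid}",   # TXT name the verifier queries
        "algorithm": tags["a"],
    }


# Constructed header value, folded across lines the way it appears on the wire.
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=Example.com; s=sel2012;\r\n"
    "\th=from:to:subject:date; bh=ZGVhZGJlZWY=;\r\n"
    "\tb=QUJDREVG\r\n\t Z0hJSks="
)

if __name__ == "__main__":
    print(signing_identity(SAMPLE_HEADER))
```

The returned `sdid` is the only thing a passing signature vouches for: that this domain's key signed these headers. Whether that domain deserves delivery is a separate reputation decision, which is why a spammer's correctly signed mail is not a failure of DKIM.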

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Michael Thomas
On 09/05/2012 08:49 AM, Sean Harlow wrote: 2. The reason port 25 blocks remain effective is that there really isn't a bypass. In the Maginot Line sense, manifestly. Mike

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Henry Stryker
On 09/05/12 09:13 , Michael Thomas wrote: The I part of DKIM is Identified. That's all it promises. It's a feature, not a bug, that spammers use it. Which is why DKIM does not really address any concerns. The spammers have reduced its value. I am retired now, but do run my own mail server

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Daniel Taylor
On 09/05/2012 10:19 AM, Michael Thomas wrote: On 09/05/2012 05:56 AM, Daniel Taylor wrote: On 09/04/2012 03:52 PM, Michael Thomas wrote: On 09/04/2012 09:34 AM, Daniel Taylor wrote: If you are sending direct SMTP on behalf of your domain from essentially random locations, how are we

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Michael Thomas
On 09/05/2012 12:50 PM, Daniel Taylor wrote: On 09/05/2012 10:19 AM, Michael Thomas wrote: On 09/05/2012 05:56 AM, Daniel Taylor wrote: On 09/04/2012 03:52 PM, Michael Thomas wrote: On 09/04/2012 09:34 AM, Daniel Taylor wrote: If you are sending direct SMTP on behalf of your domain from

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Daniel Taylor
On 09/05/2012 03:01 PM, Michael Thomas wrote: On 09/05/2012 12:50 PM, Daniel Taylor wrote: On 09/05/2012 10:19 AM, Michael Thomas wrote: On 09/05/2012 05:56 AM, Daniel Taylor wrote: On 09/04/2012 03:52 PM, Michael Thomas wrote: On 09/04/2012 09:34 AM, Daniel Taylor wrote: If you are

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Izaac
On Wed, Sep 05, 2012 at 11:46:34AM -0400, Greg Ihnen wrote: On Wed, Sep 5, 2012 at 11:11 AM, Izaac iz...@setec.org wrote: On Wed, Sep 05, 2012 at 07:50:12AM -0700, Henry Stryker wrote: signature. They are adaptive, like cockroaches. This is why tcp port 25 filtering is totally effective

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Joe St Sauver
Izaac iz...@setec.org commented: #I suspect your ISP is also stripping sarcasm tags. Let's try it out #again: # # You can tell that tcp port 25 filtering is a highly effective spam # mitigation technique because spam levels have declined in direct # proportion to their level of deployment.

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Izaac
On Tue, Sep 04, 2012 at 03:45:32PM -0400, William Herrin wrote: That's what firewalls *are for* Jay. They intentionally break end-to-end for communications classified by the network owner as undesirable. Whether a particular firewall employs NAT or not is largely beside the point here. Either

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Cutler James R
On Sep 5, 2012, at 5:12 PM, Izaac iz...@setec.org wrote: Since tcp25 filtering has been so successful, we should deploy filters for everything except tcp80 and tcp443 and maaaybe tcp21 -- but NAT already does so much to enhance the user experience there already. And what with ISP

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread William Herrin
On Wed, Sep 5, 2012 at 5:12 PM, Izaac iz...@setec.org wrote: I suspect your ISP is also stripping sarcasm tags. Let's try it out again: You can tell that tcp port 25 filtering is a highly effective spam mitigation technique because spam levels have declined in direct proportion to

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread John Levine
In article 5047a2ea.8010...@hup.org you write: On 09/05/12 09:13 , Michael Thomas wrote: The I part of DKIM is Identified. That's all it promises. It's a feature, not a bug, that spammers use it. Which is why DKIM does not really address any concerns. The spammers have reduced its value.

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread John Levine
Well, if you've got proper forward and reverse DNS, and your portable SMTP server identifies itself properly, and you are using networks that don't filter outbound port 25, AND you have DKIM configured correctly and aren't using it for a situation for which it is inappropriate, then you'll get

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread valdis . kletnieks
On 05 Sep 2012 23:07:07 -, John Levine said: Not really. Large mail systems like Gmail and Yahoo have a pretty good map of the IPv4 address space. If you're sending from a residential DSL or cable modem range, they'll likely reject any mail you send directly no matter what you do. Which

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Jimmy Hess
On 9/4/12, Jay Ashworth j...@baylink.com wrote: It is regularly alleged, on this mailing list, that NAT is bad *because it violates the end-to-end principle of the Internet*, where each host is a full-fledged host, able to connect to any other host to perform transactions. Both true. and NAT

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Sean Harlow
On Sep 5, 2012, at 19:07, John Levine wrote: Not really. Large mail systems like Gmail and Yahoo have a pretty good map of the IPv4 address space. If you're sending from a residential DSL or cable modem range, they'll likely reject any mail you send directly no matter what you do. While

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Jimmy Hess
On 9/5/12, Sean Harlow s...@seanharlow.info wrote: While I've clearly been on the side of don't expect this to work, why do you have your laptop set up like that?, and defending the default-blocking behavior on outbound, this is not true at least for Gmail. I have a test Asterisk box which

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Masataka Ohta
Jimmy Hess wrote: NAT would fall under design flaw, because it breaks end-to-end connectivity, such that there is no longer an administrative choice that can be made to restore it (other than redesign with NAT removed). The end to end transparency can be restored easily, if an administrator

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread valdis . kletnieks
On Thu, 06 Sep 2012 13:08:29 +0900, Masataka Ohta said: The end to end transparency can be restored easily, if an administrator wishes so, with UPnP capable NAT and modified host transport layer. How does the *second* host behind the NAT that wants to use global port 7719 do it?

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Masataka Ohta
(2012/09/06 13:15), valdis.kletni...@vt.edu wrote: On Thu, 06 Sep 2012 13:08:29 +0900, Masataka Ohta said: The end to end transparency can be restored easily, if an administrator wishes so, with UPnP capable NAT and modified host transport layer. How does the *second* host behind the NAT

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Owen DeLong
On Sep 5, 2012, at 21:08 , Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote: Jimmy Hess wrote: NAT would fall under design flaw, because it breaks end-to-end connectivity, such that there is no longer an administrative choice that can be made to restore it (other than redesign with

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Cameron Byrne
On Wed, Sep 5, 2012 at 9:39 PM, Owen DeLong o...@delong.com wrote: On Sep 5, 2012, at 21:08 , Masataka Ohta mo...@necom830.hpcl.titech.ac.jp wrote: Jimmy Hess wrote: NAT would fall under design flaw, because it breaks end-to-end connectivity, such that there is no longer an administrative

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-05 Thread Masataka Ohta
Owen DeLong wrote: then, if transport layer of the host is modified to perform reverse translation (information for the translation can be obtained through UPnP): (local IP, global port) -> (global IP, global port) Now, NAT is transparent to application layer. Never mind the fact

Blocking MX query

2012-09-04 Thread Ibrahim
Hi All, I've read the old archive about blocking SMTP port (TCP port 25). In my current situation we are a mobile operator and use NAT for our subscribers, and we have a few spammers who are a bit difficult to track because most of our subscribers are on prepaid services. If we block TCP port 25, there might be
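For the tracking problem described in the message above (many prepaid subscribers behind a shared NAT address, and a few of them spamming), here is an added example that is not part of the thread. It works from the NAT translation log, which is the only record that links a public (address, port, time) triple back to a subscriber: one function answers an abuse report by mapping the translated source port and timestamp to the private address that held it, and another flags subscribers whose outbound TCP/25 fan-out to distinct destinations looks like a bot rather than a mail client. The log format, the addresses and the thresholds are constructed; a real NAT log carries the same five fields in a different syntax.

```python
"""Tracing a spamming subscriber through a shared NAT address
(added example, not from the thread).

The log format and all addresses below are constructed; real NAT logs differ
in syntax but carry the same fields: time, private source, translated public
source, destination.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

Endpoint = Tuple[str, int]


def _endpoint(text: str) -> Endpoint:
    host, port = text.rsplit(":", 1)
    return host, int(port)


def parse_nat_log(text: str) -> List[dict]:
    """Parse lines of 'ts private_src public_src destination' (constructed format)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, private, public, dst = line.split()
        entries.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "private": _endpoint(private),
            "public": _endpoint(public),
            "dst": _endpoint(dst),
        })
    return entries


def subscriber_for_complaint(entries: List[dict], public_ip: str, public_port: int,
                             when: datetime, slack: timedelta = timedelta(minutes=2)) -> List[str]:
    """Private addresses that held (public_ip, public_port) within `slack` of `when`.

    Abuse reports carry the translated source and a timestamp; without the port
    and time, the single shared address points at every subscriber at once.
    """
    hits = {e["private"][0] for e in entries
            if e["public"] == (public_ip, public_port) and abs(e["ts"] - when) <= slack}
    return sorted(hits)


def smtp_fanout(entries: List[dict], window: timedelta = timedelta(minutes=10),
                min_destinations: int = 20) -> Dict[str, int]:
    """Private addresses that opened TCP/25 to >= min_destinations distinct hosts
    inside some `window`, with the peak count.  A mail client talks to one or two
    submission hosts; a bot delivering straight to MXs talks to hundreds.
    """
    by_src = defaultdict(list)
    for e in entries:
        if e["dst"][1] == 25:
            by_src[e["private"][0]].append((e["ts"], e["dst"][0]))
    flagged: Dict[str, int] = {}
    for src, events in by_src.items():
        events.sort()
        peak = 0
        for i, (t0, _) in enumerate(events):  # a window starting at each event
            peak = max(peak, len({d for t, d in events[i:] if t - t0 <= window}))
        if peak >= min_destinations:
            flagged[src] = peak
    return flagged


def constructed_log() -> str:
    """Build the sample: one bot behind 203.0.113.5 plus one ordinary user."""
    lines = ["# ts private_src public_src destination"]
    base = datetime(2012, 9, 4, 10, 0, 0)
    for i in range(25):  # bot: 25 distinct MX hosts within five minutes
        ts = (base + timedelta(seconds=12 * i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        lines.append(f"{ts} 10.1.2.3:{40000 + i} 203.0.113.5:{51000 + i} 198.51.100.{i + 1}:25")
    lines.append("2012-09-04T10:01:00Z 10.1.2.4:33000 203.0.113.5:52000 192.0.2.10:25")
    lines.append("2012-09-04T10:03:00Z 10.1.2.4:33001 203.0.113.5:52001 192.0.2.10:587")
    return "\n".join(lines)


if __name__ == "__main__":
    log = parse_nat_log(constructed_log())
    print("fan-out:", smtp_fanout(log))
    print("203.0.113.5:51007 at 10:01:30 ->",
          subscriber_for_complaint(log, "203.0.113.5", 51007,
                                   datetime(2012, 9, 4, 10, 1, 30, tzinfo=timezone.utc)))
```

The fan-out check is the part that does not depend on anyone complaining first; run over the live translation log it points at the subscriber rather than at the shared address that ends up on the blocklists.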

Re: Blocking MX query

2012-09-04 Thread Suresh Ramasubramanian
Feel free to block port 25. Most if not all mail providers offer email access on webmail and on an alternate smtp port (587) If you have NAT - the problem is that if you have spammers abusing your service (or abusing other services on port 25) providers will end up blocking your NAT gateway IP

Re: Blocking MX query

2012-09-04 Thread Bacon Zombie
Are you saying that you only allow your subscribers to use your DNS Servers and block access to all other DNS Servers? On 4 September 2012 11:07, Ibrahim ibrah...@gmail.com wrote: Hi All, I've read the old archive about blocking SMTP port (TCP port 25). In my current situation we are a mobile

Re: Blocking MX query

2012-09-04 Thread Ibrahim
Not block, but we use a DNS transparent proxy mechanism. We need to do this as our government requests all ISPs to block porn sites :-) Regards Ibrahim On Tue, Sep 4, 2012 at 5:13 PM, Bacon Zombie baconzom...@gmail.com wrote: Are you saying that you only allow your subscribers to use your DNS

Re: Blocking MX query

2012-09-04 Thread Suresh Ramasubramanian
On Tue, Sep 4, 2012 at 3:48 PM, Ibrahim ibrah...@gmail.com wrote: Not block, but we use a DNS transparent proxy mechanism. We need to do this as our government requests all ISPs to block porn sites :-) Plenty of ways to work around that actually. This stops random people from accessing porn sites

Re: Blocking MX query

2012-09-04 Thread Ibrahim
Hi Suresh, We created a special NAT so that all connections to TCP port 25 are NATed to one public IP address only, and this public IP address is registered on most of the RBLs. But we are still receiving complaints about spammers from this public IP address :-) Regards Ibrahim On Tue, Sep 4, 2012 at

Re: Blocking MX query

2012-09-04 Thread Suresh Ramasubramanian
Sure you will get it - but there's also spam through various webmail services, spam through the outbounds of different ISPs etc that you won't prevent with your approach. On Tue, Sep 4, 2012 at 3:54 PM, Ibrahim ibrah...@gmail.com wrote: We created a special NAT so that all connections to TCP port 25

Re: Blocking MX query

2012-09-04 Thread Tony Finch
Ibrahim ibrah...@gmail.com wrote: We are thinking to block MX queries on our DNS server, so only spammers that use their own SMTP server will get affected. [...] Any best practice to block MX query? Don't do this. It won't hinder spammers and it'll cause problems for legit users. Tony. --

Re: Blocking MX query

2012-09-04 Thread William Herrin
On Tue, Sep 4, 2012 at 6:07 AM, Ibrahim ibrah...@gmail.com wrote: I've read the old archive about blocking SMTP port (TCP port 25). In my current situation we are a mobile operator and use NAT for our subscribers, and we have a few spammers who are a bit difficult to track because most of our subscribers

Re: Blocking MX query

2012-09-04 Thread Rich Kulawiec
On Tue, Sep 04, 2012 at 08:05:06AM -0400, William Herrin wrote: I also doubt the efficacy of the method. Were this to become common practice, a spammer could trivially evade it by using his own DNS software or simply pumping out the address list along with pre-resolved IP addresses to deliver

Re: Blocking MX query

2012-09-04 Thread Jay Ashworth
- Original Message - From: William Herrin b...@herrin.us There are no good subscribers trying to send email direct to a remote port 25 from behind a NAT. Users, like myself, running Linux on home computers and laptops; our local sendmail-equivalents will in fact attempt direct

Re: Blocking MX query

2012-09-04 Thread Ray Wong
On Tue, Sep 4, 2012 at 7:44 AM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: William Herrin b...@herrin.us There are no good subscribers trying to send email direct to a remote port 25 from behind a NAT. Users, like myself, running Linux on home computers and

Re: Blocking MX query

2012-09-04 Thread Suresh Ramasubramanian
What sort of an MTA do you run on your laptop that doesn't support SMTP auth? On Tuesday, September 4, 2012, Jay Ashworth wrote: - Original Message - From: William Herrin b...@herrin.us There are no good subscribers trying to send email direct to a remote port 25 from

Re: Blocking MX query

2012-09-04 Thread Jay Ashworth
- Original Message - From: Suresh Ramasubramanian ops.li...@gmail.com What sort of an MTA do you run on your laptop that doesn't support SMTP auth? SMTP Auth to *arbitrary remote domains' MX servers*? Am I missing something, or are you? Cheers, -- jra -- Jay R. Ashworth

The End-To-End Internet (was Re: Blocking MX query)

2012-09-04 Thread Jay Ashworth
- Original Message - From: John Peach john-na...@johnpeach.com On Tue, 4 Sep 2012 11:57:38 -0400 (EDT) Jay Ashworth j...@baylink.com wrote: SMTP Auth to *arbitrary remote domains' MX servers*? Am I missing something, or are you? I run an MTA on my server and auth to that from

Re: Blocking MX query

2012-09-04 Thread Suresh Ramasubramanian
Have your desktop MTA configured to relay through your smarthost with smtp auth? Howtos for doing this on sendmail, qmail, postfix etc are over a decade old now. On Sep 4, 2012 9:28 PM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: Suresh Ramasubramanian

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-04 Thread Seth Mattinen
On 9/4/12 9:05 AM, Jay Ashworth wrote: - Original Message - From: John Peach john-na...@johnpeach.com On Tue, 4 Sep 2012 11:57:38 -0400 (EDT) Jay Ashworth j...@baylink.com wrote: SMTP Auth to *arbitrary remote domains' MX servers*? Am I missing something, or are you? I run an

Re: Blocking MX query

2012-09-04 Thread Michael Thomas
On 09/04/2012 05:05 AM, William Herrin wrote: There are no good subscribers trying to send email direct to a remote port 25 from behind a NAT. The good subscribers are either using your local smart host or they're using TCP port 587 on their remote mail server. You may safely block outbound TCP

Re: Blocking MX query

2012-09-04 Thread William Herrin
On Tue, Sep 4, 2012 at 10:44 AM, Jay Ashworth j...@baylink.com wrote: There are no good subscribers trying to send email direct to a remote port 25 from behind a NAT. Users, like myself, running Linux on home computers and laptops; our local sendmail-equivalents will in fact attempt direct

Re: Blocking MX query

2012-09-04 Thread Jay Ashworth
- Original Message - From: William Herrin b...@herrin.us I'm a bad subscriber, Bill? Okay, fair enough. There are no good users *expecting* to send email direct to a remote port 25 from behind a NAT. There are some good users who occasionally run slightly sloppy configurations

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-04 Thread Jay Ashworth
- Original Message - From: Owen DeLong o...@delong.com I am confused... I don't understand your comment. It is regularly alleged, on this mailing list, that NAT is bad *because it violates the end-to-end principle of the Internet*, where each host is a full-fledged host, able to

Re: Blocking MX query

2012-09-04 Thread William Herrin
On Tue, Sep 4, 2012 at 12:59 PM, Michael Thomas m...@mtcc.com wrote: On 09/04/2012 05:05 AM, William Herrin wrote: There are no good subscribers trying to send email direct to a remote port 25 from behind a NAT. The good subscribers are either using your local smart host or they're using TCP

Re: Blocking MX query

2012-09-04 Thread William Herrin
On Tue, Sep 4, 2012 at 11:57 AM, Jay Ashworth j...@baylink.com wrote: What sort of an MTA do you run on your laptop that doesn't support SMTP auth? SMTP Auth to *arbitrary remote domains' MX servers*? Am I missing something, or are you? You are. You should be doing SMTP Auth to *your* email

Re: Blocking MX query

2012-09-04 Thread Michael Thomas
On 09/04/2012 11:55 AM, William Herrin wrote: On Tue, Sep 4, 2012 at 12:59 PM, Michael Thomas m...@mtcc.com wrote: On 09/04/2012 05:05 AM, William Herrin wrote: There are no good subscribers trying to send email direct to a remote port 25 from behind a NAT. The good subscribers are either

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-04 Thread Sean Harlow
On Sep 4, 2012, at 14:22, Jay Ashworth wrote: I find these conflicting reports very conflicting. Either the end-to-end principle *is* the Prime Directive... or it is *not*. Just because something is of extremely high importance does not mean it still can't be overridden when there's good

Re: Blocking MX query

2012-09-04 Thread Jay Ashworth
- Original Message - From: William Herrin b...@herrin.us SMTP Auth to *arbitrary remote domains' MX servers*? Am I missing something, or are you? You are. You should be doing SMTP Auth to *your* email server on which you have an authorized account and then letting it relay your

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-04 Thread William Herrin
On Tue, Sep 4, 2012 at 2:22 PM, Jay Ashworth j...@baylink.com wrote: It is regularly alleged, on this mailing list, that NAT is bad *because it violates the end-to-end principle of the Internet*, where each host is a full-fledged host, able to connect to any other host to perform transactions.

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-04 Thread David Miller
On 9/4/2012 2:22 PM, Jay Ashworth wrote: - Original Message - From: Owen DeLong o...@delong.com I am confused... I don't understand your comment. It is regularly alleged, on this mailing list, that NAT is bad *because it violates the end-to-end principle of the Internet*, where

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-04 Thread Jay Ashworth
- Original Message - From: William Herrin b...@herrin.us That's what firewalls *are for* Jay. They intentionally break end-to-end for communications classified by the network owner as undesirable. Whether a particular firewall employs NAT or not is largely beside the point here.

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-04 Thread Michael Thomas
On 09/04/2012 01:07 PM, David Miller wrote: There is no requirement that all endpoints be *permitted* to connect to and use any service of any other endpoint. The end-to-end design principle does not require a complete lack of authentication or authorization. I can refuse connections to port

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-04 Thread Daniel Taylor
If you are sending direct SMTP on behalf of your domain from essentially random locations, how are we supposed to pick you out from spammers that do the same? Use your MX or SPF senders as your outbound mail agent, especially if they are properly configured with full DNS records so we can

Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-04 Thread Michael Thomas
On 09/04/2012 09:34 AM, Daniel Taylor wrote: If you are sending direct SMTP on behalf of your domain from essentially random locations, how are we supposed to pick you out from spammers that do the same? Use DKIM. Mike

Re: Blocking MX query

2012-09-04 Thread Masataka Ohta
Suresh Ramasubramanian wrote: Have your desktop MTA configured to relay through your smarthost with smtp auth? Howtos for doing this on sendmail, qmail, postfix etc are over a decade old now. What if, your home is also behind NAT or blocked port 25?

Re: Blocking MX query

2012-09-04 Thread Suresh Ramasubramanian
Who cares about NAT when you say smtp auth rather than allowing relay for specific IPs? And if you mean your smarthost is a linux box in your home, it isn't impossible to get static IP broadband .. which is neither natted nor port 25 filtered. On Sep 5, 2012 6:01 AM, Masataka Ohta

Re: Blocking MX query

2012-09-04 Thread Jimmy Hess
On 9/4/12, Rich Kulawiec r...@gsp.org wrote: You're precisely correct. They've been doing this for many years, (a) because it's efficient (b) because it evades detection by techniques that monitor MX query volume (c) because few MX's change often (d) because it scales beautifully across large