[LINK] Question re spoofing with bad reply address

Jeremy Visser jeremy at visser.name
Fri Jul 11 15:35:54 AEST 2014


On 11/07/14 14:27, Stephen Rothwell wrote:
> Well, if for no other reason than that many ISPs insist that you use
> their mail server for outgoing email

Who does this?  I would invite you to name-and-shame them.

But before you do so, check that you are sending outbound as port 587 (STARTTLS) or 465 (TLS).  It's common for providers to block port 25 due to rampant abuse, but as all port 587 or 465 based services are authenticated relays, there is no need to block this.

I know of some ISPs (e.g. Telstra 3G) who block port 25, but that's not the end of the world given that ports 465 and 587 are meant to be used these days for SMTP submission anyway.

(Blocking port 25 on Telstra 3G makes sense because it is a giant CGNAT network.  Think about it this way -- if they _allowed_ port 25, the CGNAT pool would constantly be listed/delisted from blacklists which would affect hundreds of customers at once.)

As a network/systems admin at a small ISP, I personally hate running mail services.  I prefer layers 2-3...layer 7 can get stuffed.  :-)  While I provide an anonymous SMTP relay for customers who for some goddamn stupid reason insist on using one, I do nothing to encourage people to use it, and usually try to talk people out of it.





More information about the Link mailing list