Carlos E. R. wrote:
On 21/09/2018 02.40, Per Jessen wrote:
Carlos E. R. wrote:
On 20/09/2018 22.59, Anton Aylward wrote:
On 2018-09-20 9:16 p.m., Carlos E. R. wrote:
Carlos E. R. wrote:
On 20/09/2018 11.39, Per Jessen wrote: > Carlos E. R. wrote: [snip] The reasons are others.
For instance, they decided to block 25 because many bad admins had set open relays, and then they had to create a new service on another different port to allow people to send email... Maybe. That's my tentative interpretation.
The 'open relay' story is long gone, default setups have improved, mail admins have smartened up. Projects such as SORBS have closed up shop, they are not needed.
When an access provider blocks outgoing port 25, he prevents all his customers talking directly to any and all mail servers out there. This prevents hijacked PCs bombarding other mailservers and it prevents the access provider getting blacklisted left, right and centre.
They can be bombarded on submission port the same way.
Nope. Attempts are rejected when authentication isn't successful. I'm not talking about a DDoS attack, just loads of mails.
They were bombarded on port 25 because they had it wide open.
Carlos, it is a mailserver, it is supposed to be "wide open".
The only case in which using the smtp port does not require authentication, per the rules, is that the destination resides on that server.
Which rules are you referring to here? When other mailservers deliver mails to my customers, they talk to 'inbound.example.com', without authentication. We filter the emails and pass the clean ones to our customers. This is a widespread practice in my business.
well, exactly.
If a mail relay server wants to send mail to someone@example.com, it connects to inbound.example.com:25 without authentication.
If it wants to send email to someone@otherexample.com and connects to inbound.example.com:25, authentication will be requested.
No, never. Provided 'example.com' and 'otherexample.com' both belong to customers of ours, there is no authentication required. Why do you think so? It would never work. How would GMX deliver any mails to 'otherexample.com' if they needed to know a userid/password ?? I think we must have some wires crossed here. Remember, we're talking email _exchange_ on port 25, not submission on 587/465. -- Per Jessen, Zürich (18.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org