Carlos E. R. wrote:
On 20/09/2018 22.59, Anton Aylward wrote:
On 2018-09-20 9:16 p.m., Carlos E. R. wrote:
Carlos E. R. wrote:
On 20/09/2018 11.39, Per Jessen wrote:
Carlos E. R. wrote:
On 20/09/2018 10.28, Per Jessen wrote: > Okay, I'm surprised [Telefonica] doen't block that. It's > usually the very first anti-spam measure access providers use. Well, that's the thing, they don't block any port that I know. You may be able to browse windows computers shares across internet here. I remember that I got such attempts when I was using a modem, not a router with NAT. I have not heard of anyone blocking outbound traffic on anything but port 25.
And I like they don't block anything! I find disgusting that Bell is blocking my access to Telefonica. If someone is using the net to spam, kill that person full access, not everybody access to some port.
It is simple, if someone uses port 25, investigate. A waste of time and effort. It is even simpler, block 25, let everyone use 587, as it was always intended. Port 25 is for MTA-to-MTA transfers. I find blocking 25 intrusive on my freedom.
Tough! Post 25 is unencrypted, unverified SMTP, aka free for anyone to use, including hackers, spammer broadcasters and scam artists who use it as an open relay. That is why port 465 &SSL/TLS are used, and why many ISPs also restrict, in various ways, access to known customers.
Again, not true!
Well, people should stop thinking that a port number has any strict tie-in with encryption. It's just TCP/IP. Some port numbers have implicit encryption and every port number has optional encryption, period.
Using port 25 as open relay is not related to it being 25, but to the daemon being set as an open relay! In order for me to send an email via port 25 to anybody that is not also on that machine, all my mail providers require that I identify with login and password!
Thus I do not see any advantage on the submission ports over the 25 port. Both are encrypted, both are not open relays, both are safe!
It's not really about any _advantage_ of one port over another, it's about standards compliance. Port 587 and 465 are standardized for email submission, port 25 is standardized for email exchange. You can do either over any other port, of course.
The reasons are others.
For instance, they decided to block 25 because many bad admins had set open relays, and then they had to create a new service on another different port to allow people to send email... Maybe. That's my tentative interpretation.
The 'open relay' story is long gone, default setups have improved, mail admins have smartened up. Projects such as SORBS have closed up shop, they are not needed. When an access provider blocks outgoing port 25, he prevents all his customers talking directly to any and all mail servers out there. This prevents hijacked PCs bombarding other mailservers and it prevents the access provider getting blacklisted left, right and centre.
The only case in which using the smtp port does not require authentication, per the rules, is that the destination resides on that server.
Which rules are you referring to here? When other mailservers deliver mails to my customers, they talk to 'inbound.example.com', without authentication. We filter the emails and pass the clean ones to our customers. This is a widespread practice in my business. -- Per Jessen, Zürich (18.1°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org