On 21/09/2018 13.48, Per Jessen wrote:
Carlos E. R. wrote:
On 21/09/2018 02.40, Per Jessen wrote:
Carlos E. R. wrote:
On 20/09/2018 22.59, Anton Aylward wrote:
On 2018-09-20 9:16 p.m., Carlos E. R. wrote:
Carlos E. R. wrote:
> On 20/09/2018 11.39, Per Jessen wrote: >> Carlos E. R. wrote: [snip] The reasons are others.
For instance, they decided to block 25 because many bad admins had set open relays, and then they had to create a new service on another different port to allow people to send email... Maybe. That's my tentative interpretation.
The 'open relay' story is long gone, default setups have improved, mail admins have smartened up. Projects such as SORBS have closed up shop, they are not needed.
When an access provider blocks outgoing port 25, he prevents all his customers talking directly to any and all mail servers out there. This prevents hijacked PCs bombarding other mailservers and it prevents the access provider getting blacklisted left, right and centre.
They can be bombarded on submission port the same way.
Nope. Attempts are rejected when authentication isn't successful. I'm not talking about a DDoS attack, just loads of mails.
Same as with :25 :-)
They were bombarded on port 25 because they had it wide open.
Carlos, it is a mailserver, it is supposed to be "wide open".
Nope :-) It is open only to clients, or to those sending emaisl to clients.
The only case in which using the smtp port does not require authentication, per the rules, is that the destination resides on that server.
Which rules are you referring to here? When other mailservers deliver mails to my customers, they talk to 'inbound.example.com', without authentication. We filter the emails and pass the clean ones to our customers. This is a widespread practice in my business.
well, exactly.
If a mail relay server wants to send mail to someone@example.com, it connects to inbound.example.com:25 without authentication.
If it wants to send email to someone@otherexample.com and connects to inbound.example.com:25, authentication will be requested.
No, never. Provided 'example.com' and 'otherexample.com' both belong to customers of ours,
No, they don't :-) They belong to different providers. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.0 (Legolas))