[Dshield] ISP's not blocking egress 25/tcp (was: spoofed address)

Colin.Simons@shipsoffice.org Colin.Simons at shipsoffice.org
Thu Jan 22 15:51:59 GMT 2004


> Is anyone aware of advantages or complications of blocking outbound
> SMTP that I missed?

You mentioned the case of wanting to run your open MTA. I just got caught with an even simpler problem. I have an "external user" - think of him as a one-man branch office. I just got him set up with the company-standard global-internet-connectivity package and email account. Since using this connectivity package in his country is treated as an international access by the roaming setup I advised him to get a local ISP for the time he is in his own country (to save money.)

Of course, it was only a few hours after his return to his country that the phone rang with the problem that he can receive but not send email. My colleague working with support took the call and only mentioned it to me the following day having already spent some considerable time pinning it down to an outbound port 25 block.

The simple solution was to ask the person to find another local ISP and try again. Now, we are working towards a full pops/smtps setup by the end of the year, but in the meantime to call the spread of outbound smtp blocks a nuisance is to be most polite.

Hopefully I will not be forced to give every travelling worker full VPN access simply to be able to transfer email!

Colin

-- 
Colin Simons
Information Technology Manager
Gute Buecher fuer Alle e.V.
Phone: +49 6261 92630
Fax: +49 6261 2431
Aiming for: servers that serve, workstations that work, users that use!
 




More information about the list mailing list