[Dshield] ISP's not blocking egress 25/tcp

Al Reust areust at comcast.net
Mon Jan 26 04:38:46 GMT 2004

This was based on a company in "some" state had office a couple of states 
over. The two basic issues were Sendmail and DNS. You can connect directly 
or relay for (from the ISP provider they relay the mail). If they do not 
relay for a known specific circumstance then you have to connect directly. 
It also means you have to review the contract that you paid for, that is 
your leverage.

The meat of the subject:
While it has been awhile it has been awhile (1997), for sendmail (exchange 
supports also) for a "host" that connects periodically the term/process is 
ETRN. Yes, while it is mostly configure for another "Intermittent MTA, it 
can be configured for an intermittent "single host" connection. The key is 
the "Host Name/IP" in DNS on both ends. Things have to resolve on both 
ends. There are variables depending on what you need/direction you have to 
accomplish on both ends.

For the most part the "ISP" should have configured the appropriate DNS 
entries that would verify the specific "relay IP/host." Then you make host 
entries in your DNS to account for the "out of band IP's" for 
somemachine.mydomain.com. That would resolve to a single IP for the MTA. 
Then you can specify the specific DNS for IP of 123.456.789.012 with a 
subnet mask of which pins it to the specific IP. Sendmail 
is the configured to accept for the IP/Host.

Yes if the gateway is know from the remote end and you have a "Routing 
Wizard" other nice things can happen with the out of band IP's.


At 09:21 PM 1/24/2004 -0500, Alan Frayer wrote:
>On Sat, 2004-01-24 at 08:08, James C. Slora Jr. wrote:
> > If the local ISP requires SMTP authorization, configure that. If they check
> > "From" addresses on outbound mail and reject mismatches, there are
> > workarounds for this too - I don't recall the specifics, though.
>I wish you would recall these workarounds, and, if preferred, send them
>to me off list. I have a few sites that have e-mail trouble because they
>cannot connect to an outgoing SMTP without using their local ISP's
>assigned e-mail address, instead of the one the corporate office paid
>for with their domain.
>Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer at frayernet.com
>Member: Independent Consultants Association (ICA)
>Consultants - FREE Directory Listing - http://www.ica-assn.org
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 

More information about the list mailing list