Sean Collins on 27 Aug 2009 14:16:20 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Verizon blocking port 25


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Aug 27, 2009, at 3:09 PM, Greg Helledy wrote:

>> Port 25 should be reserved for MTA to MTA connections, that's the
>> whole reason why the RFC for using port 587 as a submission port was
>> developed.
>
> Don't email clients default to assume that SMTP will be done on port  
> 25?

Again, if you read RFC 2467 it explains that having clients inject  
mail into the routing network on port 25 was a Bad Thing. Hence the  
ports for submission.


> So if I want to run my own MTA, it's bad if I don't want to spend  
> extra
> money, but fine if I do?

That's not the right way to frame the argument. You are free to run  
your own MTA on whatever IP address you want. I have the same right to  
reject all mail from any IP address that I don't like. It just so  
happens that there are lots of IP addresses that all mail admins don't  
like and would never want to accept mail from. ISPs have been kind  
enough to give us a list of IPs that they agree should not be running  
MTA software.

Now again, if you are complaining about port 25 and you are a MAIL  
SUBMISSION AGENT, which is laid out in the RFC linked above, well  
you're in violation of accepted standards. Tough luck.

I support Verizon's closing of port 25 traffic that does not go to  
their MTA systems. It cuts down on my bandwidth and CPU since It'll  
never even reach my box. They let their network get infested with all  
kinds of crap and made everyone else chew up CPU and bandwidth to  
compensate. Now they've realized that they've got a huge problem and  
they're trying to quickly put a lid on it.

>  The content of my mails is going to be the
> same in either case.

For you, maybe. But thanks to Bill Gates nearly 99% of e-mail traffic  
is spam. I've got to put policies in place to combat that. One of  
those policies is that clients that are coming from residential IP  
addresses need to authenticate in order to inject mail into the  
routing network. If they don't, then they get rejected, since only  
spammers use residential IPs and don't bother to submit credentials.

>  I find this an interesting take on American
> society and the internet, where "buying one's way to legitimacy" is
> commonly-accepted, whether through ssl certs or buying one's way  
> into a
> "good" school district by paying more for a house.  I guess this is
> probably OT.

More than OT, you're completely nuts. You've taken a simple policy and  
turned it into a social commentary. Your whole complaint is that our  
system of trust is validated through the exchange of currency. I buy  
an SSL certificate from a CA and give them money, so that they sign my  
certificate and say "Hey, he's Sean and he gave me some $ to back it  
up."

If you feel uncomfortable with that, start your own CA and validate  
trust through a different scheme. Good luck dealing with high demand.



Thank You,
Sean Collins




-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)

iEYEARECAAYFAkqW93wACgkQ9g9WSXiROTHQ/ACeJfN8hmDV3CFYKT9DYV801bqk
GysAoIMX8Xrvr1l1XC6Qd/ySK63g6nGG
=qarf
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug