<snip>
>> But they have a right to ensure that, and by forcing you to
>> put that traffic through their server first, they at least
>> have an opportunity to check it.
>> If they force it and don't check, I agree that's overly
>> restrictive. But if they're checking, more power to 'em in my book.
The key word here is FIRST. They are completely preventing me from talking
to a valid application running at 123.123.123.123:25.
<snip>
>> ISPs are also dealing with worm- and bot-infected servers
>> and clients on their networks spreading email-based
>> infections or becoming remote platforms for spamming.
So block/shutdown the offenders, not the valid users!
<snip>
>> There has to be a balance.
I see NO balance here.
>> > Blocking outbound access
>> > provides NO benefit to ANYONE [except lazy ignorant fools!]
>>
>> I can't respond to this except to say that aside from the
>> fact that this statement is inappropriately inflammatory
>> and doesn't reflect well on your argument, it's completely baseless.
If a person is unable or unwilling to do a competent job,
they would not survive long at my firm. The comment was
perhaps inflammatory, but I still do not see how this provides any benefit
other than treating a symptom rather than a cause [which MAY be cheaper].
<snip>
>> > ShadowMail and MailAuthorizeIT
>>
>> Hmmm, I think that's a good use for a VPN (assuming that's
>> a corporate service you're referring to). Or how about
>> just choosing another port? Set up an MTA that will only
>> forward to your Exchange server, and put it on port 50025.
>> I'm not sure all MUAs allow you to configure the SMTP port,
>> but all the ones I use do (and for the record, I mostly use
>> Microsoft-provided MUAs).
Yes, a VPN (or even SMTPS) will address this issue. What has me really "hot
under the collar" right now is that CableVision (optonline.net) did this
over the weekend with NO NOTIFICATION!
Now I have a large number of clients screaming and blaming MY company [at
least I can point them to the place where optimum.net posted the policy
AFTER the fact].
>> In any case, I don't think I'm going to change your
>> opinion, and you certainly will not change mine. There's
>> been some impassioned discussion of this topic on the NANOG
>> mail list recently as well, I think people are as divided
>> on it as you and I are. But I think everyone can agree
>> that between spamming and mass-mailing worms, the simple
>> elegant utility of email is being brutally tarnished.
I am not looking to change any opinions. I simply ask where there is a
valid technical benefit of blocking an outbound connection based solely on
the port number. If a specific IP is "doing bad things" on a port, then
block that port. Heck, even block the whole IP!