[Mimedefang] OT: Blocking Port 25

Matthew Schumacher matt.s at aptalaska.net
Mon Jan 29 16:07:44 EST 2007


Ben Kamen wrote:
> David F. Skoll wrote:
>> I suspect Ben meant:  "What's the consensus on blocking outbound
>> port 25 for home users? (DSL/Cable-Modem/Dialup)"
> 
> Yea, I meant to control port 25 egress from nets like Cable/DSL/Dialup
> users...
> 

We have 2 rules in our pppoe servers, one that allows port 25 outbound
to the ISP's mail server, and one that allows port 25 outbound to the
Internet.  In our customer provisioning tool we have a checkbox that
allows you to set which rule is bound to the virtual interface at login.

This allows us to pick and choose who we block.  By default we block
port 25, but if the customer calls and has a good reason and we believe
they can be trusted to use port 25 then we will omit them from port 25
filtering.  If they don't have a good reason we will walk them through a
workaround such as using our smtp server for relay or sending a request
to their admin to allow them to relay using smtps/smtpauth on port 465.

This solution pretty much stopped spam from originating from our
network, but yet accommodates people like David since having a static IP
and managing a mail system is a good enough reason to get me to omit the
filtering.

schu
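
The per-subscriber selection described in the message above, as an added example that is not part of the original post or the poster's actual configuration. It assumes a Linux PPPoE server with iptables; the chain names, the mail server address and the subscriber names are constructed, and the commands are printed rather than executed unless IPTABLES is overridden.

```shell
#!/bin/sh
# Added example: choose the port 25 egress policy for a subscriber at login.
# Assumptions (not from the post): Linux + iptables, chain names,
# documentation address for the mail server, constructed subscriber names.
# Dry run by default: commands are echoed. Set IPTABLES=iptables to apply.
IPTABLES="${IPTABLES:-echo iptables}"
MAIL_RELAY="${MAIL_RELAY:-192.0.2.25}"   # constructed: the ISP's mail server

# Constructed provisioning data: subscribers with the "allow port 25" box ticked.
SMTP_EXEMPT="static-mailadmin
bizcust-0042"

# One-time setup: the two rule sets the post describes.
smtp_setup_chains() {
    $IPTABLES -N SMTP_RELAY_ONLY
    $IPTABLES -A SMTP_RELAY_ONLY -d "$MAIL_RELAY" -j ACCEPT
    $IPTABLES -A SMTP_RELAY_ONLY -p tcp -j REJECT --reject-with tcp-reset
    $IPTABLES -N SMTP_OPEN
    $IPTABLES -A SMTP_OPEN -j ACCEPT
}

# Default is the blocking chain. Only an exact, whole-line match in the
# exempt list opens port 25, so a prefix of an exempt name does not qualify.
smtp_chain_for() {
    if [ -n "$1" ] && printf '%s\n' "$SMTP_EXEMPT" | grep -Fqx -- "$1"; then
        echo SMTP_OPEN
    else
        echo SMTP_RELAY_ONLY
    fi
}

# Called at login (for example from an ip-up hook) with interface and subscriber.
smtp_bind() {
    $IPTABLES -A FORWARD -i "$1" -p tcp --dport 25 -j "$(smtp_chain_for "$2")"
}

# Called at logout so a reused interface name does not inherit the old policy.
smtp_unbind() {
    $IPTABLES -D FORWARD -i "$1" -p tcp --dport 25 -j "$(smtp_chain_for "$2")"
}
```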





