North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: short Botnet list and Cashing in on DoS
On Sun, 10 Oct 2004 15:06:17 -0400, James Baldwin <email@example.com> wrote: > > Pardon for my possibly ill informed interjection. I was under the > impression that the current wind was blowing towards filtering outbound > port 25 traffic while allowing outbound authenticated port 587 traffic? > The though being that while this was not a FUSSP, it help to prevent > unauthenticated "direct to mx" abuses. Well, the wind blows where it wants... 587 and its relatives are useful for enterprise firewall penetration as well as for environments where ISPs incorrectly block port 25, and they make it possible to do SPF and similar sender-ID protocols in those environments (which are otherwise awkward.) For an ISP, you don't just "allow" 587 - the normal definition of Internet service is to allow everything unless there's a good reason not to, as opposed to deny-most firewalls. We've had the "blocking port 25" discussion too many times before, and I'll second Paul Vixie's call to go implement BCP38 first. ---- Thanks; Bill Note that this isn't my regular email account - It's still experimental so far. And Google probably logs and indexes everything you send it.