Date: Fri, 24 Sep 1999 10:24:37 -0500
From: Jacques Vidrine <n@nectar.com>
To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc: current@FreeBSD.ORG
Subject: Filtering port 25 (was Re: On hub.freebsd.org refusing to talk to dialups)
Message-ID: <19990924152438.F0C2BBE08@gw.nectar.com>
In-Reply-To: <199909241000.DAA02083@gndrsh.dnsmgr.net>
References: <199909241000.DAA02083@gndrsh.dnsmgr.net>

[This thread is off topic, but ... ]

On 24 September 1999 at 3:00, "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> wrote:

> Another thing that ISP could start doing (we are in process with
> this now, but on a monitoring only basis, instead of a deny we
> just log them) is to block all outbound from AS tcp 25 setup packets.

Monitoring this is not a bad idea. However, if you are suggesting that an ISP should /filter/ TCP port 25 packets, I have to disagree strongly. Vehemently, even :-)

An ISP is in the business of delivering IP traffic. An ISP that fails to deliver ALL packets that are well formed (according to the relevant IETF standards and have a legitimate source address) is not doing what they are being paid to do.

> This prevents your customers from being something that could get you
> on the RBL or the DUL MAP for bad behavior, it also enforces the use
> of your smart host relay, as it/they is/are the only way to get a
> tcp port 25 setup completed.

Evil! How does the ISP know I'm not running some other protocol (which is none of its business) on port 25? How does it know that I don't have a policy reason for accessing some other mail server than its own?

Don't throw out the baby with the water!

end-of-rant :-)

Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org