New Zealand ADSL Mailing List


RE: Xtra to close 25/TCP Outbound or Inbound?

From: Dustin, Dave <Dave.Dustin_at_adis.co.nz>
Date: Tue, 4 Apr 2006 07:12:46 +1200
Message-ID: <2124ED9D3EF87D40B223B489CC93A94D045F6F8D@aionex1i01.adis.co.nz>

Blocking port 25 inbound won't reduce traffic volume. The zombies and open
relays will still use the bandwidth trying to send the mail. All it'll do
is annoy those of us who run our own mail systems at home (or small
business).

Blocking port 25 outbound is a good idea, because that means that those
machines that have become zombies that were sending messages using the SMTP
engine installed by the spammers will no longer be able to send mail, unless
the spam engine is smart enough to read the Windows registry, detect that a
an SMTP relay is in place and then send the messages to the XTRA SMTP box(s)
and have that forward it on.

I've got no problem with Outbound blocking, providing XTRA's SMTP box has the
capacity to handle all outbound requests. Inbound makes little difference
to the average users.

For small business / geeks, it's good that they are offering the ability to
have the ports unblocked on a case by case basis. Though I'm assuming it'll
mean that you need to upgrade to one of the PRO accounts, thus providing a
static IP.

Dave

-----Original Message-----
From: LEE Tet Yoon [mailto:leety@ihug.co.nz]
Sent: Tuesday, 4 April 2006 6:17 a.m.
To: adsl@lists.unixathome.org
Subject: Xtra to close 25/TCP Outbound or Inbound?

At 08:40 p.m. 3/04/2006, you wrote:
>Speaking as someone who spent many years doing ISP tech support, including
>dealing with spam, virus payloads and drone hosts...
>
>The _only_ accepted convention nowadays is for SMTP to be driven
>through the ISP you gain internet access through.[1]
>
>With SMTP being entirely separate to POP3 or IMAP, this policy doesn't
>impact on your ability to use third party mail services.[2]
>
>'nuff said.

Are you sure you're right here? I first read this a few days ago and my
understanding is they intend to block port 25 inbound. Note that the article
you link to specifically mentioned people who run their own servers would be
affected. Perhaps they're planning to block outbound as well but I've never
seen any discussion about people having to make sure they use Xtra's SMTP
server.

From previous articles I've read, not particularly technical either
computerworld or NZ Herald my understanding is they're trying to ensure
their users don't run open SMTP relays either by configuration errors or due
to worm/bot infection. In theory smarter worm makers would just ensure their
SMTP server bots use different ports but I guess at the moment there are
still enough places where port 25 is not blocked that it's unlikely.

BTW although I know very little about the technical side of spam, I don't
really get why it matters if you use xtra or another SMTP server. AFAIK very
very few Xtra customers use their Xtra accounts to knowingly send spam. AFAIK
also most spam nowadays is sent via botnets and the like. Therefore the
bigger problem is open relays who can unwittingly be used to send spam by
spammers. Open relays are only effective if their email actually gets
through and I'm guessing open relays on Xtra often are since if they'll tend
to use the Xtra SMTP server which is trusted. I don't really get why people
using a different SMTP server is a big issue.

For those who don't use Xtra's SMTP server if they are using a server which
they have legitimate access to then I don't get why Xtra would care. I agree
in general nowadays you have to use your ISP's SMTP server which makes sense
but my impression was this was dealt with by the SMTP server not by ISPs
trying to ban people using SMTP servers other than theirs. If an ISP does
decide to accept SMTP traffic from addresses not belonging to them they
generally have a means of verifying their customers. Failing that, they
become open relays.

But AFAIK the way open relays are dealt with is not in trying to stop your
customers using them since this isn't very effective but in ensuring open
relays are closed by detecting them as soon as possible and banning them if
they are not sufficiently closed when the owners are informed. If I'm not
mistaken, quite a number of South Korean ISPs particularly have this problem
in not acting fast enough perhaps partially because their admins don't
understand English so a number of servers ban email originating from South
Korean servers.

So in conclusion, my reading is that 25 inbound will be closed, probably not
outbound but I'm not sure. This makes more sense to me than closing outbound
as well although I do realise it'll make big problems for those who
legitimately decide to run their own servers which are properly set up. In
any case, I guess the best thing to do would be to ask Xtra if anyone really
cares. Not being an Xtra customer, I don't give a damn.

--
This message is part of the NZ ADSL mailing list.
see http://unixathome.org/adsl/ for archives, FAQ, and various documents.
To unsubscribe: send mail to majordomo@lists.unixathome.org with
"unsubscribe adsl" in the body of the message
Received on Tue Apr 4 07:13:09 2006

This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:34 2006 EST
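
An added example, not part of the original thread: a sketch of the outbound policy discussed above (25/TCP allowed only to the ISP relay, with case-by-case exemptions), applied to constructed flow records, plus a check that flags customers whose blocked SMTP attempts fan out to many hosts. The relay address, customer range, exemption list, threshold and function names are all assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# All addresses below are constructed (RFC 5737 documentation ranges).
ISP_RELAYS = {ip_address("192.0.2.25")}          # assumed ISP SMTP relay
CUSTOMER_NET = ip_network("198.51.100.0/24")     # assumed customer pool
EXEMPT = {ip_address("198.51.100.7")}            # customer unblocked on request

# Constructed flow records: (source, destination, destination port)
FLOWS = [
    ("198.51.100.10", "192.0.2.25", 25),     # normal user via ISP relay
    ("198.51.100.7", "203.0.113.5", 25),     # exempt home mail server
    ("198.51.100.66", "203.0.113.11", 25),   # direct delivery, many targets
    ("198.51.100.66", "203.0.113.12", 25),
    ("198.51.100.66", "203.0.113.13", 25),
    ("198.51.100.66", "203.0.113.14", 25),
    ("198.51.100.20", "203.0.113.80", 443),  # not SMTP, outside the policy
    ("198.51.100.30", "203.0.113.9", 25),    # single direct delivery attempt
]

def egress_verdict(src, dst, dport):
    """Return 'allow' or 'drop' for one outbound flow under the policy."""
    src, dst = ip_address(src), ip_address(dst)
    if dport != 25 or src not in CUSTOMER_NET:
        return "allow"          # policy only covers customer traffic to 25/TCP
    if dst in ISP_RELAYS or src in EXEMPT:
        return "allow"          # relay-bound mail and exempted customers pass
    return "drop"

def suspected_zombies(flows, min_destinations=3):
    """Customers whose dropped SMTP flows reach many distinct hosts."""
    targets = defaultdict(set)
    for src, dst, dport in flows:
        if egress_verdict(src, dst, dport) == "drop":
            targets[src].add(dst)
    return sorted(s for s, d in targets.items() if len(d) >= min_destinations)

if __name__ == "__main__":
    for flow in FLOWS:
        print(egress_verdict(*flow), *flow)
    print("investigate:", suspected_zombies(FLOWS))
```

The dropped-flow counts double as a cleanup list: a host that keeps hitting the block toward many destinations is worth contacting even though its mail no longer leaves the network.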