[asterisk-users] OT: fail2ban, spam and mail servers

Randy R randulo2008 at gmail.com
Tue Jul 13 07:09:27 CDT 2010


Hi Gordon,

On Tue, Jul 13, 2010 at 1:55 PM, Gordon Henderson
<gordon+asterisk at drogon.net> wrote:

> Technically/pedantically, users ought to be connecting to port 587 to submit
> their email anyway, with port 25 being reserved for MTA to MTA
> communications, so block 25 for everyone but the MX relaying host and insist
> your users connect on port 587 to relay their outgoing email (with
> smtp-auth)

Yes. The only thing that is delicate here is the "insist" part, but
they'll get over it. "Users" are customers.

> I'd assume that most MTAs listen on 587 these days (as well as 25) - it's
> been in the standards for quite a number of years now. (Introduced in 1998
> in RFC2476)

Yes, if you have that port open. (We do.)

> And I don't know about where you are, but where I am (UK) some ISPs are now
> blocking outbound SMTP connections on port 25, or force-proxying them via
> their own email servers, making the use of port 587 almost mandatory -
> BTretail and Orange, and I think AOL do, but there's probably others.
> However it's only a matter of time before they catch up and as soon as the
> spammers start to use that port, the ISPs will block them too.

Yes, more and more providers do this.

So (even before I read your message) I decided to limit port 25 access
to the restricted IP set we know about. This will be an interesting 48
hours or so while we see if the users are still using port 25 :-)

/r
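
The message above plans to restrict port 25 to known relay IPs and then watch for users still submitting on it. As an added example (not part of the original post), this sketch lists sources outside the allowlist that still hit port 25 and shows whether each has also been seen on 587. The netfilter log prefix, the addresses and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: relay/MX hosts that keep port 25 access (documentation ranges).
ALLOWED_25 = [ipaddress.ip_network(n) for n in ("192.0.2.0/28",)]

# Constructed sample in netfilter LOG format; "SMTP-IN: " is a hypothetical
# --log-prefix on rules that log new connections to ports 25 and 587.
SAMPLE_LOG = """\
Jul 13 14:02:11 mx kernel: SMTP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=51234 DPT=25 SYN
Jul 13 14:05:40 mx kernel: SMTP-IN: IN=eth0 OUT= SRC=192.0.2.5 DST=198.51.100.10 PROTO=TCP SPT=40211 DPT=25 SYN
Jul 13 14:09:02 mx kernel: SMTP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=51301 DPT=587 SYN
Jul 13 14:15:27 mx kernel: SMTP-IN: IN=eth0 OUT= SRC=203.0.113.40 DST=198.51.100.10 PROTO=TCP SPT=33010 DPT=25 SYN
Jul 13 14:16:00 mx kernel: SMTP-IN: IN=eth0 OUT= SRC=not-an-ip DST=198.51.100.10 PROTO=TCP SPT=1 DPT=25 SYN
Jul 13 15:30:19 mx kernel: SMTP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=51777 DPT=25 SYN
"""

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def parse(line):
    """Return (source address, destination port) for a TCP log line, else None."""
    fields = dict(FIELD.findall(line))
    if fields.get("PROTO") != "TCP":
        return None
    try:
        return ipaddress.ip_address(fields["SRC"]), int(fields["DPT"])
    except (KeyError, ValueError):  # truncated or malformed line
        return None

def port25_stragglers(log_text, allowed=ALLOWED_25):
    """Per non-relay source: port 25 attempts, and whether it also used 587."""
    hits25, seen587 = Counter(), set()
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        src, dport = parsed
        if dport == 587:
            seen587.add(src)
        elif dport == 25 and not any(src in net for net in allowed):
            hits25[src] += 1
    return {str(ip): {"attempts": n, "also_on_587": ip in seen587}
            for ip, n in hits25.items()}

if __name__ == "__main__":
    for ip, info in port25_stragglers(SAMPLE_LOG).items():
        print(ip, info)
```

Sources with `also_on_587` set to false are the customers whose mail clients still need reconfiguring.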
