
Götz Reinicke 06-27-2012 02:26 PM

How to handle SMTP to public servers - done

On 27.06.12 16:08, Tilman Schmidt wrote:
> On 27.06.2012 11:15, Götz Reinicke wrote:
>> On 27.06.12 10:29, Fajar Priyanto wrote:
>
>>> 1. Many malware have their own smtp and can send spam directly.
>>> To overcome this, block port tcp 25 on your gateway, and only allow
>>> your mailserver.
>
>> Hi, thanks for your suggestion. But for the mentioned clients that's not
>> possible. :/ [...]
>> We do have about 100th of freelancers 'flying in and out' of our academy
>> which we can't 'restrict' by forcing them to change their clients' settings.
>
> Nobody *needs* port 25 from their client to a public server.
> Port 25 is intended for forwarding mail from one server to the
> next, not for submitting mail from a client to its server.
> The standard port for sending mail from a client is 587, the
> mail submission port. Using port 25 for that is arguably a
> configuration error which should be corrected.
>
> What's more, blocking outbound port 25 is generally recommended
> practice and standard for many ISPs, so your freelancers will
> often face the same restriction on their home LAN, Internet
> cafe or wherever else they may want to write e-mails, adding
> to their motivation to fix their configuration instead of
> arguing with you.

Hi,

you don't know the resistance to advice of our users .... ;)

Any kind of plea fails most of the time, and as long as a lot of ISPs and
Mail-Hosters still allow and offer port 25 in the docs it is hard to
tell why our users should change because we're faced with problems.

Long story short: I advised the use of port 587 two hours ago.

FYI since then I had 169 outgoing connections to port 20 and 1 to 587. :)

cheers. Götz fighting spam and resistance to advice
--
Götz Reinicke
IT Coordinator

Tel. +49 7141 969 82 420
Fax +49 7141 969 55 420
E-Mail goetz.reinicke@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Stuttgart District Court, HRB 205016

Chairman of the Supervisory Board:
Jürgen Walter MdL
State Secretary in the Baden-Württemberg Ministry of Science,
Research and the Arts

Managing Director:
Prof. Thomas Schadt



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Götz Reinicke 06-27-2012 02:28 PM

How to handle SMTP to public servers - done

On 27.06.12 16:08, Tilman Schmidt wrote:
> On 27.06.2012 11:15, Götz Reinicke wrote:
>> On 27.06.12 10:29, Fajar Priyanto wrote:
>
>>> 1. Many malware have their own smtp and can send spam directly.
>>> To overcome this, block port tcp 25 on your gateway, and only allow
>>> your mailserver.
>
>> Hi, thanks for your suggestion. But for the mentioned clients that's not
>> possible. :/ [...]
>> We do have about 100th of freelancers 'flying in and out' of our academy
>> which we can't 'restrict' by forcing them to change their clients' settings.
>
> Nobody *needs* port 25 from their client to a public server.
> Port 25 is intended for forwarding mail from one server to the
> next, not for submitting mail from a client to its server.
> The standard port for sending mail from a client is 587, the
> mail submission port. Using port 25 for that is arguably a
> configuration error which should be corrected.
>
> What's more, blocking outbound port 25 is generally recommended
> practice and standard for many ISPs, so your freelancers will
> often face the same restriction on their home LAN, Internet
> cafe or wherever else they may want to write e-mails, adding
> to their motivation to fix their configuration instead of
> arguing with you.

Hi,

you don't know the resistance to advice of our users .... ;)

Any kind of plea fails most of the time, and as long as a lot of ISPs and
Mail-Hosters still allow and offer port 25 in the docs it is hard to
tell why our users should change because we're faced with problems.

Long story short: I advised the use of port 587 two hours ago.

FYI since then I had 169 outgoing connections to port 25 and 1 to 587. :)

cheers. Götz fighting spam and resistance to advice

06-27-2012 02:43 PM

How to handle SMTP to public servers - done

Götz Reinicke wrote:
> On 27.06.12 16:08, Tilman Schmidt wrote:
>> On 27.06.2012 11:15, Götz Reinicke wrote:
>>> On 27.06.12 10:29, Fajar Priyanto wrote:
>>
>>>> 1. Many malware have their own smtp and can send spam directly.
>>>> To overcome this, block port tcp 25 on your gateway, and only allow
>>>> your mailserver.
>>
>>> Hi, thanks for your suggestion. But for the mentioned clients that's not
>>> possible. :/ [...]
<snip>
> you don't know the resistance to advice of our users .... ;)
<snip>
> Long story short: I advised the use of port 587 two hours ago.
>
> FYI since then I had 169 outgoing connections to port 25 and 1 to 587. :)
>
> cheers. Götz fighting spam and resistance to advice

Hey, give 'em a chance. See what it's like after 24 hours. I suppose then
you could tell them it's a lottery, and you'll select random users to kick
off port 25....

mark
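
Added example, not part of the thread or of any poster's setup: before closing port 25 at the gateway, a tally like this over iptables LOG lines shows which clients still connect out on 25 and which have moved to 587. The log prefix SMTP-OUT, the mail server address 10.0.0.10 and the sample log lines are assumptions made up for the illustration.

```sh
#!/bin/sh
# Tally new outbound SMTP connections per client from iptables LOG lines,
# to see who still submits on port 25 and who has moved to 587.
# Assumed logging rule on the gateway (the log prefix is a made-up label):
#   iptables -I FORWARD -p tcp -m multiport --dports 25,587 --syn \
#            -j LOG --log-prefix "SMTP-OUT: "

MAILSERVER="10.0.0.10"   # hypothetical: the only host allowed to use port 25

# Reads kernel log lines on stdin, prints "client port25 port587" per client,
# heaviest port-25 users first. The mail server itself is skipped.
smtp_port_tally() {
    awk -v ms="$MAILSERVER" '
        /SMTP-OUT: / {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "" || src == ms) next
            seen[src] = 1
            if (dpt == "25")  p25[src]++
            if (dpt == "587") p587[src]++
        }
        END {
            for (s in seen) printf "%s %d %d\n", s, p25[s], p587[s]
        }' | sort -k2,2nr -k1,1
}

# Constructed sample log lines (not taken from the thread).
sample_log() {
    cat <<'EOF'
Jun 27 16:30:01 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.5.21 DST=203.0.113.25 LEN=60 TTL=63 PROTO=TCP SPT=51514 DPT=25 WINDOW=14600 SYN URGP=0
Jun 27 16:30:09 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.5.21 DST=203.0.113.25 LEN=60 TTL=63 PROTO=TCP SPT=51520 DPT=25 WINDOW=14600 SYN URGP=0
Jun 27 16:31:44 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.5.22 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=587 WINDOW=14600 SYN URGP=0
Jun 27 16:32:02 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.0.10 DST=192.0.2.33 LEN=60 TTL=63 PROTO=TCP SPT=33871 DPT=25 WINDOW=14600 SYN URGP=0
Jun 27 16:33:15 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.5.21 DST=203.0.113.25 LEN=60 TTL=63 PROTO=TCP SPT=51533 DPT=25 WINDOW=14600 SYN URGP=0
Jun 27 16:34:40 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.5.22 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40150 DPT=25 WINDOW=14600 SYN URGP=0
Jun 27 16:35:58 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=198.51.100.9 LEN=60 TTL=63 PROTO=TCP SPT=46001 DPT=587 WINDOW=14600 SYN URGP=0
EOF
}

sample_log | smtp_port_tally
```

Clients with a non-zero middle column are the ones that would lose mail when port 25 is closed; the mail server's own traffic is left out of the count.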


Scott Silva 06-27-2012 09:34 PM

How to handle SMTP to public servers - done

on 6/27/2012 7:26 AM Götz Reinicke spake the following:
> On 27.06.12 16:08, Tilman Schmidt wrote:
>> On 27.06.2012 11:15, Götz Reinicke wrote:
>>> On 27.06.12 10:29, Fajar Priyanto wrote:
>>
>>>> 1. Many malware have their own smtp and can send spam directly.
>>>> To overcome this, block port tcp 25 on your gateway, and only allow
>>>> your mailserver.
>>
>>> Hi, thanks for your suggestion. But for the mentioned clients that's not
>>> possible. :/ [...]
>>> We do have about 100th of freelancers 'flying in and out' of our academy
>>> which we can't 'restrict' by forcing them to change their clients' settings.
>>
>> Nobody *needs* port 25 from their client to a public server.
>> Port 25 is intended for forwarding mail from one server to the
>> next, not for submitting mail from a client to its server.
>> The standard port for sending mail from a client is 587, the
>> mail submission port. Using port 25 for that is arguably a
>> configuration error which should be corrected.
>>
>> What's more, blocking outbound port 25 is generally recommended
>> practice and standard for many ISPs, so your freelancers will
>> often face the same restriction on their home LAN, Internet
>> cafe or wherever else they may want to write e-mails, adding
>> to their motivation to fix their configuration instead of
>> arguing with you.
>
> Hi,
>
> you don't know the resistance to advice of our users .... ;)
>
> Any kind of plea fails most of the time, and as long as a lot of ISPs and
> Mail-Hosters still allow and offer port 25 in the docs it is hard to
> tell why our users should change because we're faced with problems.
>
> Long story short: I advised the use of port 587 two hours ago.
>
> FYI since then I had 169 outgoing connections to port 20 and 1 to 587. :)
>
> cheers. Götz fighting spam and resistance to advice
>
Block port 25, and they will comply, or not send mail... People are resistant
to change, until they NEED to change...




Emmanuel Noobadmin 06-28-2012 04:04 AM

How to handle SMTP to public servers - done

On 6/27/12, Götz Reinicke <goetz.reinicke@filmakademie.de> wrote:
> Long story short: I advised the use of port 587 two hours ago.
>
> FYI since then I had 169 outgoing connections to port 20 and 1 to 587. :)

Seriously, just force them. I got so tired of one particular app/mail
server that keep getting blacklisted because of lazy client admin and
users, I sent them a notice that for emergency security reasons,
emails will only be accepted on port 587. Gave them one hour, then
closed 25.

Understandably people screamed for about another hour or so but all of
them ended up on 587 by the end of the day ;)

Emmett Culley 06-28-2012 02:08 PM

How to handle SMTP to public servers - done

For the last five years I have been running a captive portal gateway I developed at a number of airports to manage free wireless. There are more than 25K connections each day, and port 25 is blocked for every one of them.

Yes we get complaints, but not often, one every two or three months or so.

Before we blocked port 25 we had to go to spamhaus.org once a month, or so, to request removal of one or more of the gateway's IP addresses from their black lists.

Emmett

On 06/27/2012 09:04 PM, Emmanuel Noobadmin wrote:
> On 6/27/12, Götz Reinicke <goetz.reinicke@filmakademie.de> wrote:
>> Long story short: I advised the use of port 587 two hours ago.
>>
>> FYI since then I had 169 outgoing connections to port 20 and 1 to 587. :)
>
> Seriously, just force them. I got so tired of one particular app/mail
> server that keep getting blacklisted because of lazy client admin and
> users, I sent them a notice that for emergency security reasons,
> emails will only be accepted on port 587. Gave them one hour, then
> closed 25.
>
> Understandably people screamed for about another hour or so but all of
> them ended up on 587 by the end of the day ;)