Simon Lyall wrote:
Port 25 is on topic for this list.
# Sweet:

It's port 25 that I love. Email turns my crank, I don't know why, it just does. That is why blocking port 25 got me livid a little earlier. Apologies to anyone I personally offended, not the intention.

# An apology and mild explanation/history thing:

I seem to have made a few enemies - fairly quickly too! It's cool, I understand. It's 11pm and I've come back into work to do stuff, personal and work related. I've been on call for the last 4 years of my life. The last thing I'd want at 3am is some large customer (e.g. bloomz.co.nz) paging me because their ISP blocked port 25 and their wasn't going out, not that this would happen. I do believe they use a very clueful ISP :)

# A touch of silliness:

Richard Patterson wrote:
I vote that whatever ISP James Clark uses, block egress tcp25 dest any
I'm more of an: ~ "iptables -I INPUT -j... block that idiot" guy myself ;)

We'd be talking major operational issues here. For Maxnet, FX Networks, Telecom and Orcon if your plan came to fruition. I used to work for Wave when it was good, then it got sold (mid 2004) so we all (bar 1) moved on to other things (we didn't want to relocate). So, yeah add Wave and its new owner Ihug. Oh yeah, and I've had an Ihug account and an Xtra account so do them too. Yes, I'm being silly =P

# And, onto the issue at hand, port 25:

Blocking IPs that don't have matching forward<->reverse DNS is amazingly effective at putting a huge dent in spam/virus mail. It's sweet. But for larger email hosting outfits it causes a few problems.

For postfix it's documented here:
http://www.postfix.org/postconf.5.html#reject_unknown_client_hostname

Sweet! And checking the documentation a newer feature:
http://www.postfix.org/postconf.5.html#reject_unknown_reverse_client_hostnam...

From that you'll get the idea.

When I was a junior at Wave I watched our mail server go from Sendmail to Postfix. For a while there our systems dude couldn't work out where the spam had gone, there were a few legit emails going missing as well. They were all being 450ed, so it took a while for 'Budda' to work out that "reject_unknown_client" (the "old"[1] param) had been turned on by the chief sysadmin who had gone away on holiday. He must have thought it was a good idea at the time, so no real harm done - just something to look into and fix. "reject_unknown_client" had to be turned off and that was done fairly quickly (the next morning, after a 3am changeover).

[1] "old", still current in Debian's Sarge, my distro of choice.

And. I'm not saying "use Postfix", I don't want to start an MTA war.

# Disclaimer:

The above is all true. It is all my personal opinion. I don't want anyone to think the way that I do, but maybe that helps some of you guys understand where I'm coming from.
Xtra/Telecom have some brilliant people working there and I'm sure that many of them lurk.

# Oh, and:

I drink beer, Waikato. Yes, I just used the NZNOG's pickup line ;P

I climb rock. Seems to be a fairly popular sport amongst us computer geeks. So, if anyone is in the Tron and is a climber drop me an email (off list is fine) and I may see you there if it's one of the nights I happen to be going. I also run with the Hamilton City Hawks, so any runners out there can find me and hook me in the guts, anytime :)

Sweet. I'm done. I hope my last two emails will be received well. Goodnight (that was a lot of words...).

--
Cheers,
James Clark.
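
The forward<->reverse DNS check discussed in the message above, as an added example that is not part of the original post and not Postfix's own code. It is a simplified model of the behaviour documented for the two restrictions linked in the message; the function names and the DNS records (documentation address ranges) are constructed for illustration.

```python
import ipaddress

# Constructed DNS data, not real records.
PTR = {
    "192.0.2.10": ["mail.example.net"],     # round trip matches
    "192.0.2.20": ["host20.example.org"],   # name resolves to another address
    "192.0.2.30": ["ghost.example.com"],    # name has no address record
}
A = {
    "mail.example.net": ["192.0.2.10"],
    "host20.example.org": ["198.51.100.7"],
}


def classify(client_ip, ptr=PTR, fwd=A):
    """Return 'no_ptr', 'no_forward', 'mismatch' or 'ok' for a client IP."""
    ip = ipaddress.ip_address(client_ip)
    names = ptr.get(str(ip), [])
    if not names:
        return "no_ptr"          # address -> name lookup failed
    addrs = [a for n in names for a in fwd.get(n.rstrip(".").lower(), [])]
    if not addrs:
        return "no_forward"      # name -> address lookup failed
    if ip not in {ipaddress.ip_address(a) for a in addrs}:
        return "mismatch"        # name resolves, but not back to the client
    return "ok"


def strict_rejects(client_ip):
    # Models reject_unknown_client_hostname: any break in the
    # forward<->reverse round trip rejects the client.
    return classify(client_ip) != "ok"


def reverse_only_rejects(client_ip):
    # Models reject_unknown_reverse_client_hostname: only a client
    # with no PTR record at all is rejected.
    return classify(client_ip) == "no_ptr"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "203.0.113.5"):
        print(ip, classify(ip), strict_rejects(ip), reverse_only_rejects(ip))
```

The two middle cases are where legitimate senders with sloppy DNS get caught by the strict check but pass the reverse-only one.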