Date: Wed, 29 Oct 2008 17:21:59 -0500
From: Jeffrey Goldberg <jeffrey@goldmark.org>
To: Jeremy Chadwick <koitsu@FreeBSD.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: MTA on non-standard port
Message-ID: <9085B850-9271-40D9-A64D-84DF64F14E2E@goldmark.org>
In-Reply-To: <20081027002359.GA7165@icarus.home.lan>
References: <20081026235553.GA45810@ezekiel.daleco.biz> <20081027002359.GA7165@icarus.home.lan>

On Oct 26, 2008, at 7:23 PM, Jeremy Chadwick wrote:

> 1) Incoming SMTP (e.g. someIP:* --> yourIP:25)
> 2) Outbound SMTP (e.g. yourIP:* --> someIP:25)
>
> #2 has become prominent in the past few years, and is applied by ISPs
> because they want to curb their customers sending spam out onto the
> Internet (usually as a result of viruses, trojans, etc.), getting their
> IPs blocked by DNSBLs and giving them a bad social rep. Instead, they
> force customers to relay outbound mail through their own SMTP servers
> (called a "smart host" in sendmail terms).
>
> There's absolutely no way around this; you can beg them all you want,
> but the chances of them adding a pass-through for you is very slim.

If you want to do direct to MX mailing, you are going to need to
negotiate that separately. At the very least you will need a static
IP address. If you pay for that, then you will probably be allowed to
do direct to MX mailing.

On the whole, I think that Access Service Providers are right in this
policy. Back in the old days of smaller ASPs, there were several that
had a simple policy. You could be allowed destination:25 traffic
merely by asking for it. They figured that anyone smart enough to ask
for it knew what they were doing. But it was blocked by default.

But keep in mind that if you don't have a static IP address, the mail
hosts you try to reach are also very likely to block you.

> The Linksys router has two outbound firewall rules applied to it: it
> only allows bsdIP on my LAN to connect to someIP:25,587 -- thus, only
> one machine on my LAN is allowed to speak SMTP to the world. I do this
> purely as a precautionary measure (in case one of my friends comes over
> with his/her laptop, which happens to be infected and sends spam, etc.
> -- it won't work, period).

Wise choice. I wish more home and business networks did that.

> Eventually they stated that I could send mail through their mail servers
> on port 587. I quickly set this up, and found it failed -- their
> servers require SMTP AUTH on port 587, no exceptions (note: this is
> NOT mandatory by the RFC; it's OPTIONAL).

Again. I think that this is fit and proper.

> The reason I do not like siphoning mail through Comcast: their mail
> servers are known to act wonky or /dev/null mail for mysterious
> reasons.

Then pay money to a company whose business depends on doing mail
right. I use fastmail.fm which I highly recommend.

> I hope the experience with your ISP is better than mine. Good luck.

A business account (needed for a static IP address) is expensive. But
don't expect to mail directly to MX (without going through some
mailhub, either Comcast's or a service that you pay separately for)
without one.

Cheers,

-j