From: Jacques Vidrine
To: "Rodney W. Grimes"
Cc: current@FreeBSD.ORG
In-reply-to: <199909241000.DAA02083@gndrsh.dnsmgr.net>
Subject: Filtering port 25 (was Re: On hub.freebsd.org refusing to talk to dialups)
Date: Fri, 24 Sep 1999 10:24:37 -0500
Message-Id: <19990924152438.F0C2BBE08@gw.nectar.com>

[This thread is off topic, but ... ]

On 24 September 1999 at 3:00, "Rodney W. Grimes" wrote:
> Another thing that ISPs could start doing (we are in process with
> this now, but on a monitoring only basis, instead of a deny we
> just log them) is to block all outbound from AS tcp 25 setup packets.

Monitoring this is not a bad idea. However, if you are suggesting
that an ISP should /filter/ TCP port 25 packets, I have to disagree
strongly. Vehemently, even :-)

An ISP is in the business of delivering IP traffic. An ISP that
fails to deliver ALL packets that are well formed (according to the
relevant IETF standards and have a legitimate source address) is not
doing what they are being paid to do.

> This prevents your customers from being something that could get you
> on the RBL or the DUL MAP for bad behavior, it also enforces the use
> of your smart host relay, as it/they is/are the only way to get a
> tcp port 25 setup completed.

Evil! How does the ISP know I'm not running some other protocol
(which is none of its business) on port 25? How does it know that I
don't have a policy reason for accessing some other mail server than
its own?

Don't throw out the baby with the water!

end-of-rant :-)

Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org