On 2010-10-25 10:12, Manfredo Miserocchi wrote:
> Hi all,
> does none of you use to block port 25 outbound on mailservers?

I assume you mean the access (DSL/Cable/modem) networks; hosting networks should never filter that stuff. And block is hopefully an ICMP Admin Reject.

> The question is because it seems that some operators around us (at the moment Vodafone in Italy) do.

Swisscom apparently is sniffing all outbound port 25 traffic and scanning the content and then rejecting it based on that.
It is still unknown how to turn off the sniffing and just get an ICMP admin reject for that instead though.

> We all know that this is possible if you allow outbound connections on port 587, but it requires a client reconfiguration.

If you actually read RFC 2476 you will see the distinction made between "message transfer" (over port 25) and "message submission" (over port 587).
Mail User Agents (MUAs), like Thunderbird/Outlook/etc., only do message submission from MUA to MTA.
Mail Transfer Agents (MTAs), like Postfix/Sendmail/etc., do message transfer between MTAs.
MUAs should solely use 587 with authentication, and then IMAP/POP3 to fetch their email; of course SSL variants should be used there too.
MTAs can provide submission service over 587 and use port 25 (again with TLS :) for transferring bits.

> The actual problem is that a mobile customer cannot send out his e-mail from his ISP mailserver, but only from the mobile company one.

Nonsense, just configure it to use port 587 and all is fine. Or do you run a full-fledged MTA on your mobile node!?
And indeed, MTAs can be configured too to do message submission over 587; generally they are in MUA mode then though, where they don't receive inbound messages over SMTP and a tool like fetchmail is used in that case.

> If this will result true, it will be a strong limitation on the market.

I do not see a 'strong limitation'; your customer needs to configure their machine correctly and somebody needs to upgrade their mail clue.
Greets, Jeroen
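
Added example, not part of the original message: a small check an operator could run against a submission service's EHLO replies to confirm that port 587 offers STARTTLS and only exposes AUTH once TLS is up, as the message recommends. The hostname, the EHLO replies and the function names `parse_ehlo` and `audit_submission` are constructed for illustration.

```python
import re

# Constructed EHLO replies (not captured from any real server).
EHLO_PLAINTEXT = (
    "250-mail.example.net\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)
EHLO_AFTER_TLS = (
    "250-mail.example.net\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)

_LINE = re.compile(r"^250([ -])(.*)$")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    lines = reply.splitlines()
    caps = {}
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        # "250-" marks a continuation line, "250 " marks the final line.
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        if i == 0:
            continue  # first line is the server's domain/greeting
        words = m.group(2).split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def audit_submission(before_tls, after_tls=None):
    """List problems a MUA would hit submitting over port 587."""
    pre = parse_ehlo(before_tls)
    issues = []
    if "STARTTLS" not in pre:
        issues.append("STARTTLS not offered")
    if {"PLAIN", "LOGIN"} & set(pre.get("AUTH", [])):
        issues.append("cleartext AUTH mechanism offered before TLS")
    if after_tls is not None and "AUTH" not in parse_ehlo(after_tls):
        issues.append("AUTH not offered after TLS")
    return issues
```

With the constructed replies above, the audit flags that PLAIN/LOGIN are advertised before STARTTLS, which would let a client send its password unencrypted.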