Re: And so it begins... -- MIDRANGE-L

> No individual mail user (using a mail program) should *EVER* send mail directly to a foreign mail server. It should always send to a local or > authenticated mail server which has been configured to relay the mail for that user.

> The problem Joe encountered is a mail server is rejecting mail from *HIS* mail server because it's IP address is normally allocated to > consumer grade DSL service.

> david

Sorry David, but I have to disagree here.

I completely agree with David on this one. Having port 25 open from everyone in an ISP network is a freight train sized hole to ship spam through. ISPs can scan for spam on the way out, keeping it off the internet completely. In addition all those emails generated by viri and other malware is caught as well.

I have mentioned before that we routinely block port 25 outbound from customer networks from all but the customer's email server exactly for the reason above. Just looking at stats in one customer firewall I see over 18Million messages blocked from non server addresses while about 1.8 milling were allowed out from the server. That's 10 blocked to one delivered!! Then I checked the 'cuda (barracuda spam firewall) and it is showing (for both in and outbound mail) 24.5 million messages blocked and 2.7 million allowed again close to 10 blocked to one allowed.

Now if you really believe that spam will be stopped by educating people on open relay you're living in a dream world. Certainly education is needed but won't solve the problem. Backtracking is way to difficult and time consuming. Stopping spam before it ever leaves the ISP is a much better way to handle it.

I have two domains myself and I email from them all the time. They proceed out through my isp's equipment without issue.

- Larry

The are at least a couple of situations.

One is where someone (like me) has their own domain and their ISP wants
triple $$$ to host it as compared to one of the major hosting providers.
If the user's home ISP blocks port 25, as I have heard Cox and Comcast
have, then they wouldn't be able to send email from their domain since
it would be via a "foreign mail server." Yes, the ISP could allow all
"from domains" through their servers but then the reverse lookup
wouldn't match and it would get marked as spam. Also, if they let
everything through what stops spammers, except #2 below? BTW, while
Sprint was in the pre-paid dial up business they also blocked port 25 so
badly that you could only send mail via a web client which meant only
from your Sprint address.

Second is a business that has people work at home occasionally. It is
not often enough to justify a VPN but they need to respond to customers
and need to use the company's SMTP because the return address is their
company address. The company exists on another ISP. Home workers are a
growing portion of the workforce.

Instead of funneling everything through the ISP's servers it would be
better to:
1) Educate about preventing open relay.
2) Make the ISP have better tracking of customers/times/IPs for
backtracking.
3) Backup the education with major consequences.
4) Make all SMTP server software providers set the initial/default
configuration as closed with the administrator required to open items if
they really need it. The "ease of setup" as justification for  having
the setup start as wide open is pure nonsense.

Roger Vicker, CCP

-- Larry Bolhuis IBM eServer Certified Systems Expert: Vice President iSeries Technical Solutions V5R3 Arbor Solutions, Inc. iSeries LPAR Technical Solutions V5R3 1345 Monroe NW Suite 259 iSeries Linux Technical Solutions V5R3 Grand Rapids, MI 49505 iSeries Windows Integration Technical Solutions V5R3 IBM eServer Certified Systems Specialist (616) 451-2500 iSeries System Administrator for OS/400 V5R3 (616) 451-2571 - Fax AS/400 RPG IV Developer (616) 260-4746 - Cell iSeries System Command Operations V5R2

If you can read this, thank a teacher....and since it's in English, thank a soldier.