Re: [EXIM] (un)blocking dynamic IP addresses [Was: A way to …

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Exim Users Mailing List
Date:  
À: Exim Users Mailing List
Sujet: Re: [EXIM] (un)blocking dynamic IP addresses [Was: A way to do this?]
[ On Tuesday, April 20, 1999 at 02:42:31 (+0300), Vadim Vygonets wrote: ]
> Subject: Re: [EXIM] (un)blocking dynamic IP addresses [Was: A way to do this?]
>
> Quoth Greg A. Woods on Mon, Apr 19, 1999:
> > I think you're way out of line there. Security and privacy alone *are*
> > the reasons such redirects should be done where possible.
>
> Why? What security and privacy do users or ISPs gain if all the
> users' mail passes through the ISP's mailserver?


The same "security" a corporation gets by forcing (on their firewall)
all e-mail to go through the "authorized" corporate e-mail server(s).
There are numerous risks being mitigated by doing this, and while some
don't apply to end ISPs, some do. For example one cable-modem provider
here in Canada does not permit end users to run "business" transactions,
i.e. you're not allowed to run a web server or e-mail server or any
other kind of publicly accessible server -- you're only given one IP
address and it's labelled "dynamic" even if the DHCP lease is very long
and usually renewable. They force all port-80 connects from the modems
to go through their transparent HTTP cache machines, and while they
currently don't actually block port-80 (or port-25) connects to the
machines behind their cable modems, but I know they have considered
doing this.

In theory most end-users could just as easily live on RFC 1918 networks
and never be aware of it because they only use well defined services
that can all be proxied. The only problem with this is that there are
always new services cropping up and end-users want to try them out long
before proxies can be implemented.

> Nobody wants to take this freedom from ISPs, but I prefer my mail
> not to be redirected. They may _advise_ me to send the mail
> through their box, but I don't want them to push me to comply to
> their decisions.


It's their network. They can force you to comply -- it is their right.
You get what you "pay" for.

> What do you mean by paying? I have no money to pay for a
> dedicated line. I, personally, don't pay for a dialup line
> either, but let's suppose, for the sake of the argument, that I
> do. So are you implying that in order to get the priviledge to
> connect to any SMTP server in the world I must pay money? Or are
> you saying that I just must inform my ISP that I want to do it
> and probably sign some form to indicate that I take
> responsibility for my actions?


It depends. There are many ways to "pay" for your freedom. Perhaps you
can simply find a different ISP if you are suddenly finding your
freedoms restricted, or perhaps you can barter for a "better" connection
with some other ISP, or perhaps you can sign a more explicit contract
with your ISP that gives you more direct responsibility for your own
packets. Obviously if you buy a dedicated connection then you'll expect
to be allowed to send and receive any packets that have your IP address
in them, and you'll probably be getting more than one IP address. I do
know some small ISPs who will let end-users roam free provided they sign
an explicit contract to assume responsibility and to state that you will
not do anything abusive. Generally I suspect you'll have to avoid the
big end-ISPs though and that might mean you'll have to pay a little more
because of the economies of scale. Perhaps you can even get a "free"
dedicated connection in return for your skills, though of course the
economy of doing even this varies around the world.

> And as a user, I want the right to connect to any host telnetting
> to any port and debug it if I think it might have a problem. I
> want to know why the mail was not delivered, what happened with
> the primary MX for the domain (whether the mailer daemon died
> there or the route is down), and why the secondary MX barks at
> me.


Your skills are very rare. 99.9% of Internet users today cannot do
anything near this amount debugging, and if they try they're likely to
get it wrong anyway, especially if they use some badly designed tool
that's easy for them to use.

> If the user doesn't know enough about the Net, well, he may as
> well not do all that and call the Tech Support.


Well, yes, but I think that's his ISP's responsibility to correct with
education and/or marketing.

-- 
                            Greg A. Woods


+1 416 218-0098      VE3TCP      <gwoods@???>      <robohack!woods>
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>


--
*** Exim information can be found at http://www.exim.org/ ***