Re: [exim] automatically blacklisting clients that fail SMTP

Top Page
Delete this message
Reply to this message
Author: Bill Hayles
Date:  
To: exim-users
Subject: Re: [exim] automatically blacklisting clients that fail SMTP
Hi, Ian

On Mon, 13 Jun 2011 11:22:53 +0000 in message number <7D4D27D9-7411-4022-AD79-1BBF6FFB062F@???>, received here on 13/06/2011 15:48:46, Ian Eiloart <iane@???> said:
>> That's true, but when an ISP blocks outbound port 25, two advantages are gained:


>>
>> 1. The ISP can spot, and deal with customers who are sending spam.


They can (and should) do that anyway. I can only speak of my own experience
with my own ISP (the much maligned, often unfairly, Telefonica de Espana).
They do not block port 25 by default, but if you are found to be spamming,
they block it. It is possible to get it unblocked (for example in the case
of an error or Windows nasty) but they won't keep on doing it.

I run a mailing list for any computer related matters for English speakers
in Spain; they tend to be the more computer literate; a couple have been
blocked when their computer got infected (yes, I know it shouldn't, but
these things happen). That's fine with my server, which they can access on
port 587 (or even port 465) if they wish, but that's not universally true
for all servers.


>
> > (2) The ISP prevents their customer from running any kind of mail server
> > (which is why I use an ISP that explicitly allows it)
>
> That's a real benefit, given that most mail servers are spambots.


In which case the ISP does block port 25 for the specific client (and closes
the account,) which is what my own ISP does as I said. But port 25 is open
unless and until you offend.

It's an "innocent until proven guilty" scenario.

> If you have a need to run your own mail server, then you should have special
> arrangements with your ISP.


I don't disagree with that. My contract with Telefonica expressly allows me
to do just that (and run a web server) for non commercial purposes. It's
not a "special arrangement", just an account option they offer.


> Responsible ISPs will close port 25 by default,
> and probably only open it for business account holders with specific
> requirements. It would be nice if the IP address owner could publish a sort
> of reverse SPF policy, saying which domains are permitted to use the IP
> address.


I have read and re-read that, and I'm still not sure I'm reading it right.
Could you explain it further (and, yes, I do know what SPF records are).


--
This is Spain. We do things differently here!

Bill Hayles
billnot@???