Re: Thanks Idiots! - dslreports.com

Author	All Replies
ChrisN4BSA Premium join:2002-05-31 Clearwater, FL edit: January 29th, @02:01PM	reply to Camelot One Re: Thanks Idiots! This isn't totally true. I'm net admin for a company here in Tampa, and was able to use our company SMTP server (port 25) via my home Roadrunner connection. However - just today we have implemented a new non standard inbound SMTP port that will allow us to get around the port 25 filtering for those employees that are lucky enough (or is that unlucky?) to be on an ISP that blocks port 25 SMTP traffic. And - as much as it sucks, amen for the ISP's blocking port 25. I hate to be punished for clueless users, but if it helps slow down the spread of viruses that spread via email, I'm all for it. I'm sick & tired of having to spend hours every day checking our mail quarantine because of all spam zombies in the wild.
	to forum · permalink · · 2004-01-29 13:59:16 ·
cbs228 Geeks Of The World, Unite join:2000-09-04 Saint Louis, MO	Indeed. For access to business servers or other SMTP servers that your ISP blocks, a simple ipfw rule on the server machine (or the router the server is behind) will fix this: `sudo ipfw add fwd serveraddress,25 tcp from any to me inboundport` Where serveraddress is the address of the server (usually "localhost") and inboundport is the port you want to listen on in addition to 25. NOTE: I'm not responsible for any damage to your machine running this command may incur. Always modify ipfw rules locally as they may interrupt tcp/ip access. Tested on MacOS 10.3.2. -- "If you stare too long into the abyss the abyss stares back at you." -Nietzsche GENERAL FAILURE READING ©: DRIVE (A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress?
	to forum · permalink · · 2004-01-29 17:22:20 ·
pnh102 Reptiles Are Cuddly And Pretty Premium join:2002-05-02 Mount Airy, MD	reply to ChrisN4BSA said by ChrisN4BSA : I hate to be punished for clueless users, but if it helps slow down the spread of viruses that spread via email, I'm all for it. Why not yank access for the idiots who don't bother to secure their machines and/or clean up their systems? -- Do the world a favor, Saddam. Kill yourself.
	to forum · permalink · · 2004-01-29 18:25:04 ·
dilettante join:2002-01-01 Haslett, MI	I've often thought that licensing (certifying) users might be a reasonable tactic. Something where you'd agree to random external audits of your network (scans and other penetration tests, monitoring traffic over an interval). But there are cost and privacy issues I suppose, and it would really cut into the lucrative "granny (grandpaw?) AOL" market of low-use, unsophisticated users. But I have to wonder... wouldn't it make economic sense to offer high bandwidth to "certified" users and lower bandwidth and blocked ports to those "potential problem users" who are likely to get hijacked - at the same or similar prices? If you keep your network clean and properly isolated and your boxes secure and use adequate throttling mechanisms... [takes a breath] any real hazard from running services is minimal. Violations or complaints and you'd get dropped back to the "wild west" service with ports blocked. Sort of a "being responsible grants privileges" policy. But maybe that's precisely where those high-cost commercial offerings come in: you pay for the privilege of being responsible. Everyone else "swims with the fishes" wearing a hardsuit.
dilettante join:2002-01-01 Haslett, MI	to forum · permalink · · 2004-01-30 19:17:06 ·
RARPSL join:1999-12-08 Suffern, NY	reply to ChrisN4BSA said by ChrisN4BSA : This isn't totally true. I'm net admin for a company here in Tampa, and was able to use our company SMTP server (port 25) via my home Roadrunner connection. However - just today we have implemented a new non standard inbound SMTP port that will allow us to get around the port 25 filtering for those employees that are lucky enough (or is that unlucky?) to be on an ISP that blocks port 25 SMTP traffic. And - as much as it sucks, amen for the ISP's blocking port 25. I hate to be punished for clueless users, but if it helps slow down the spread of viruses that spread via email, I'm all for it. I'm sick & tired of having to spend hours every day checking our mail quarantine because of all spam zombies in the wild. The DESIGNATED port to use to inject Email (ie: Send it from a Mail Client) is 587 NOT 25. The problem is that many ISPs are too lazy to activate this port and require SMTP AUTH to access it. Most just say use Port25 and block out-going Port25 to other servers. IMO, ANY ISP that blocks outgoing (to non-ISP Owned SMTP Servers) that DOES NOT accept incoming Email from their customers (while those customers are using Non-ISP Connectivity) on Port 587 is a Hypocrite.
RARPSL join:1999-12-08 Suffern, NY	to forum · permalink · · 2004-01-30 22:27:55 ·


Tuesday, 02-Dec 18:30:45	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 9 years online! © 1999-2008 dslreports.com. page compression OFF