On 2010-10-25 10:12, Manfredo Miserocchi wrote:
does none of you use to block port 25 outbound on mailservers ?
I assume you mean the access (DSL/Cable/modem) networks, hosting
networks should never filter that stuff. And block is hopefully an ICMP
The question is because it seems that some operators
around us (at the moment Vodafone in Italy) does.
Swisscom apparently is sniffing all outbound port 25 traffic and
scanning the content and then rejecting it based on that.
It is still unknown how to turn off the sniffing and just get a ICMP
admin reject for that instead though.
We all know that this is possible if you allows
on port 587, but it requires a client reconfiguration. If you actually
read RFC 2476 you will see the distinction made between "message transfer"
(over port 25) and "message submission". (over port 587).
A mail user agent (MUA), like Thunderbird/Outlook/etc are MUA's and only
do message submission from MUA to MTA.
A Mail Transfer Agent (MTA), like Postfix/Sendmail/etc are MTA's and do
message transfer between MTAs.
MUA's should solely use 587 with authentication, and then IMAP/POP3 to
fetch their email, of course SSL variants should be used there too.
MTA's can provide submission service over 587 and use port 25 (again
with TLS :) for transfering bits.
The actual problem is that a mobile customer cannot
send out his e-mail
from his ISP mailserver, but only from the mobile company one.
Nonsense, just configure it to use port 587 and all is fine. Or do you
run a full-fledged MTA on your mobile node!?
And indeed, MTA's can be configured too to do message submission over
587; generally they are in MUA mode then though where they don't receive
inbound messages over SMTP and a tool like fetchmail is used in that case.
If this will result true, it will be a strong
limitation on the market.
I do not see a 'strong limitation', your customer needs to configure
their machine correctly and somebody needs to upgrade their mail clue.