---------From: Jeroen Massar jeroen@unfix.org------------- : To avoid problems there, make a simple policy: if found : spreading a virus/spamming and having disabled the blockage: : no Internet for a week. Or a similar measure that can of : course be lifted after paying a fine.
Wouldn't that make customers go to another comany for service?
scott
--- jeroen@unfix.org wrote:
From: Jeroen Massar jeroen@unfix.org To: swinog@swinog.ch Subject: Re: [swinog] does Econophone block port25 Date: Wed, 04 Apr 2007 08:42:20 +0100
Candid Aeby wrote:
Hi
first this is no local decision. We never liked it. I know it is unpopular and i would prefer a better solution. Since Monday Port 25 is blocked for Dial-Up and ADSL connections.
Is that outbound from $customer -> $internet, or is that also for inbound $internet -> $customer?
Having a block on port 25/tcp, 137-139/udp and some other magic virusports is acceptable on end-user IP's. BUT as long as the user of that line has the option to easily turn this off. Eg using a webinterface where they can login using their user/pass and then enable it again, that is disable the block. If that is not possible, then when a user moans about not getting "Internet connectivity" they are quite right.
Users who are not the typical techy, can always use 587 as you indicated and should, in general, keep the block on.
To avoid problems there, make a simple policy: if found spreading a virus/spamming and having disabled the blockage: no Internet for a week. Or a similar measure that can of course be lifted after paying a fine.
Greets, Jeroen
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Scott Weeks wrote:
---------From: Jeroen Massar jeroen@unfix.org------------- : To avoid problems there, make a simple policy: if found : spreading a virus/spamming and having disabled the blockage: : no Internet for a week. Or a similar measure that can of : course be lifted after paying a fine.
Wouldn't that make customers go to another comany for service?
Most probably. About three years ago, prior to us becoming a service provider ourselves, we were "just" a customer, and had to sack our provider when they decided to reduce their service by blocking port 25.
Personally, I believe any and all restrictions on an internet connection must be be very clearly and very obviously stated in the product/ service description, and that is something many ISPs neglect to do.
/Per
Sorry but I disagree with Per. ISPs have a duty to prevent email Spam which is a terrible curse for us all. If they decide that blocking port 25 outbound will help then they should do it.
If you are a user, why can't you use the ISPs relay server? If you are a provider you ought to have your own mail server on a fixed IP address.
Of course, one day we need a better protocol than SMTP (*Simple* Mail Transfer Protocol) which was never meant as a global email solution. But until then we have to do something to stop people abusing it.
Just my 2p worth
Jonathan Safe Host Geneva
Per Jessen wrote:
Scott Weeks wrote:
---------From: Jeroen Massar jeroen@unfix.org------------- : To avoid problems there, make a simple policy: if found : spreading a virus/spamming and having disabled the blockage: : no Internet for a week. Or a similar measure that can of : course be lifted after paying a fine.
Wouldn't that make customers go to another comany for service?
Most probably. About three years ago, prior to us becoming a service provider ourselves, we were "just" a customer, and had to sack our provider when they decided to reduce their service by blocking port 25.
Personally, I believe any and all restrictions on an internet connection must be be very clearly and very obviously stated in the product/ service description, and that is something many ISPs neglect to do.
/Per
Jonathan,
Customers don't have just one email address, they have a private one (maybe several) and some from the company. Then they are changing the location from home to the office an back with their notebook. Maybe their mail provider is not the same as the internet service provider. So they want to use the mail server from their mail provider (With authentication of course)
You cannot really expect, that they reconfigure the mail client every time they change the location. (But there is still Port 587!)
Radek
-----Ursprüngliche Nachricht----- Von: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] Im Auftrag von jonathan Gesendet: Mittwoch, 11. April 2007 15:31 An: swinog@swinog.ch Betreff: Re: [swinog] Re: blocking ports?
Sorry but I disagree with Per. ISPs have a duty to prevent email Spam which is a terrible curse for us all. If they decide that blocking port 25 outbound will help then they should do it.
If you are a user, why can't you use the ISPs relay server? If you are a provider you ought to have your own mail server on a fixed IP address.
Of course, one day we need a better protocol than SMTP (*Simple* Mail Transfer Protocol) which was never meant as a global email solution. But until then we have to do something to stop people abusing it.
Just my 2p worth
Jonathan Safe Host Geneva
Per Jessen wrote:
Scott Weeks wrote:
---------From: Jeroen Massar jeroen@unfix.org------------- : To avoid problems there, make a simple policy: if found : spreading a virus/spamming and having disabled the blockage: : no Internet for a week. Or a similar measure that can of : course be lifted after paying a fine.
Wouldn't that make customers go to another comany for service?
Most probably. About three years ago, prior to us becoming a service provider ourselves, we were "just" a customer, and had to sack our provider when they decided to reduce their service by blocking port 25.
Personally, I believe any and all restrictions on an internet connection must be be very clearly and very obviously stated in the product/ service description, and that is something many ISPs neglect to do.
/Per
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Jonathan wrote:
Sorry but I disagree with Per. ISPs have a duty to prevent email Spam which is a terrible curse for us all. If they decide that blocking port 25 outbound will help then they should do it.
Just for the record - I don't have any problem with ISPs blocking ports or otherwise offering a restricted service. That is something for the ISP to decide. Where I have a problem is when such an ISP does not very clearly make people aware of this - quite often such restrictions are hidden under various obscure clauses in the AGBs.
If you are a user, why can't you use the ISPs relay server? If you are a provider you ought to have your own mail server on a fixed IP address.
In the case I mentioned, we were on a business line with a range of fixed IPs, but the blocking of port 25 was introduced over all, and the ISP refused to make exceptions, so we cancelled the line immediately (after finding a more flexible provider).
/Per
Jonathan,
Sorry but I disagree with Per. ISPs have a duty to prevent email Spam which is a terrible curse for us all. If they decide that blocking port 25 outbound will help then they should do it.
If you are a user, why can't you use the ISPs relay server? If you are a provider you ought to have your own mail server on a fixed IP address.
You'd be amazed how many companies operate their own mail servers, even behind dynamic addresses (in which case they usually use some mailbox polling mechanism to feed their server from mail from the outside), but send outgoing mail directly with SMTP.
Of course, one day we need a better protocol than SMTP (*Simple* Mail Transfer Protocol) which was never meant as a global email solution. But until then we have to do something to stop people abusing it.
But by killing the payload, not the messenger, please...
Cheers, Markus
On Wednesday 11 April 2007 19:26:39 Markus Wild wrote:
You'd be amazed how many companies operate their own mail servers, even behind dynamic addresses (in which case they usually use some mailbox polling mechanism to feed their server from mail from the outside), but send outgoing mail directly with SMTP.
Which after all is still quite possible if they use the ISP's MX as smart host which they should do anyhow considering how many people outright block mails from dynamic IPs.
Seems to me that the benefit of cutting down on Spam would be worth the trouble of using port 587...
Seems to me that the benefit of cutting down on Spam would be worth the trouble of using port 587...
Blocking port 25 is just a quick-n-dirty 'fix'.
What will happen when virus-writers are going to spam using 587 (The credentials are stored on the users PC anyway..)?
What would people do to stop blog-spamming? Blocking port 80 sounds like fun.
Spam will be there as long as you can make money with it.
Adrian Ulrich wrote:
Seems to me that the benefit of cutting down on Spam would be worth the trouble of using port 587...
Blocking port 25 is just a quick-n-dirty 'fix'.
What will happen when virus-writers are going to spam using 587 (The credentials are stored on the users PC anyway..)?
Well, the point with submission (587) is that it is authenticated. As such it is very easy to pinpoint which exact user is doing this. Of course now they could steal the credentials and send it over their botnet to another host (oh oh I give ideas away ;) but it should be fairly easy for the ISP to block that single account from spamming the world. Much easier than "oh that IP, where did that hacked dsl line asking for a new dhcp go to" which is also easy with the right management tools but clearly no ISP seem to have that. At least not the ones that need it, the clued ones do have those mechanisms in place and either filter that specific customer directly putting them into a quarantine zone and/or call the customer up.
[..]
Spam will be there as long as you can make money with it.
Yep ;)
Greets, Jeroen
On the Wed, Apr 11, 2007 at 02:31:30PM +0100, jonathan blubbered:
Hi.
Sorry but I disagree with Per. ISPs have a duty to prevent email Spam which is a terrible curse for us all. If they decide that blocking port 25 outbound will help then they should do it.
If you are a user, why can't you use the ISPs relay server? If you are a provider you ought to have your own mail server on a fixed IP address.
What good is blocking port 25 for outgoing mail anyway, if your mailserver is as open as a barn door?
Furthermore, what does a spammer care? He relays his spam through dozens or hundreds of zombie hosts, which in turn relay the spam through their providers MX relay, filling up the queue and entering the MX into every imaginable blacklist existing. I hope, this will answer your question, why someone does not necessarily wants to use the ISPs relay server at all costs.
CU, Venty
On Wed, 2007-04-11 at 14:31 +0100, jonathan wrote:
Sorry but I disagree with Per. ISPs have a duty to prevent email Spam which is a terrible curse for us all. If they decide that blocking port 25 outbound will help then they should do it.
Well, preventing customers to use Windows(tm) boxes behind broadband accesses would help much much more to prevent spam. *scnr*
If you are a user, why can't you use the ISPs relay server? If you are a provider you ought to have your own mail server on a fixed IP address.
Because there are pretty much KMU, which are having their own mail server, which is hard to set up if you have to use a relay server with authentication. Some Exchanges still don't support that.
If I was a customer, blocking a relevant port is a service downgrade (without proper information) and I would pretty hard insist in cancling the contract.
Have a nice day! - Dan
-
Adrian Ulrich -
Daniel Kamm -
Gabriel Ambuehl -
Jeroen Massar -
jonathan -
Markus Wild -
Martin Ebnoether -
Per Jessen -
Radek Mrskos -
Scott Weeks