Simon Lyall wrote:
>Port 25 is on topic for this list.
It's port 25 that I love. Email turns my crank, I don't know why, it
just does. That is why blocking port 25 got me livid a little earlier.
Apologies to anyone I personally offended, not the intention.
# An apology and mild explanation/history thing:
I seem to have made a few enemies - fairly quickly too! It's cool, I
understand. It's 11pm and I've come back into work to do stuff,
personal and work related. I've been on call for the last 4 years of my
life. The last thing I'd want at 3am is some large customer (e.g.
bloomz.co.nz) paging me because their ISP blocked port 25 and their
wasn't going out, not that this would happen. I do believe they use a
very clueful ISP :)
# A touch of silliness:
Richard Patterson wrote:
>I vote that whatever ISP James Clark uses, block
>egress tcp25 dest any
I'm more of an:
~ "iptables -I INPUT -j... block that idiot" guy myself ;)
We'd be talking major operational issues here. For Maxnet, FX Networks,
Telecom and Orcon if your plan came to fruition. I used to work for
Wave when it was good, then it got sold (mid 2004) so we all (bar 1)
moved on to other things (we didn't want to relocate). So, yeah add
Wave and its new owner Ihug. Oh yeah, and I've had an Ihug account and an
Xtra account so do them too. Yes, I'm being silly =P
# And, onto the issue at hand, port 25:
Blocking IPs that don't have matching forward<->reverse DNS is
amazingly effective at putting a huge dent in spam/virus mail. It's
sweet. But for larger email hosting outfits it causes a few problems.
For postfix it's documented here:
Sweet! And checking the documentation a newer feature:
From that you'll get the idea.
When I was a junior at Wave I watched our mail server go from Sendmail
to Postfix. For a while there our systems dude couldn't work out where
the spam had gone, there were a few legit emails going missing as well.
They were all being 450ed, so it took a while for 'Budda' to work out
that "reject_unknown_client" (the "old" param) had been turned on by
the chief sysadmin who had gone away on holiday. He must have thought
it was a good idea at the time, so no real harm done - just something to
look into and fix.
"reject_unknown_client" had to be turned off and that was done fairly
quickly (the next morning, after a 3am changeover).
 "old", still current in Debian's Sarge, my distro of choice. And.
I'm not saying "use Postfix", I don't want to start an MTA war.
The above is all true. It is all my personal opinion. I don't want
anyone to think the way that I do, but maybe that helps some of you guys
understand where I'm coming from. Xtra/Telecom have some brilliant
people working there and I'm sure that many of them lurk.
# Oh, and:
I drink beer, Waikato. Yes, I just used the NZNOG's pickup line ;P
I climb rock. Seems to be a fairly popular sport amongst us computer
geeks. So, if anyone is in the Tron and is a climber drop me an email
(off list is fine) and I may see you there if it's one of the nights I
happen to be going.
I also run with the Hamilton City Hawks, so any runners out there can
find me and hook me in the guts, anytime :)
Sweet. I'm done. I hope my last two emails will be received well.
Goodnight (that was a lot of words...).
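
Added example, not part of the original email and not Postfix's own code: a sketch of the forward<->reverse DNS matching check discussed above, showing which connecting clients end up deferred with the 450 the post mentions. The DNS tables, addresses, host names and function names are all constructed for illustration.

```python
import ipaddress

# Constructed DNS data: documentation address ranges and example domains only.
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.org"],
    "192.0.2.20": ["out7.hosting.example.net"],  # PTR exists, forward disagrees
    "2001:db8::25": ["mx.example.com"],
}
ADDR_RECORDS = {
    "mail.example.org": ["192.0.2.10"],
    "out7.hosting.example.net": ["192.0.2.99"],
    "mx.example.com": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
}

def lookup_ptr(ip):
    """Reverse lookup stub; an empty list stands in for 'no PTR record'."""
    return PTR_RECORDS.get(ip, [])

def lookup_addr(name):
    """Forward lookup stub; an empty list stands in for 'name not found'."""
    return ADDR_RECORDS.get(name.rstrip(".").lower(), [])

def check_client(ip, ptr=lookup_ptr, addr=lookup_addr):
    """Return (smtp_code, reason) for a connecting client address."""
    client = ipaddress.ip_address(ip)
    names = ptr(str(client))
    if not names:
        return 450, "no PTR record for client address"
    for name in names:
        for candidate in addr(name):
            # Compare parsed addresses so different text forms still match.
            if ipaddress.ip_address(candidate) == client:
                return 250, "forward-confirmed as " + name
    # A legitimate hosting relay with sloppy DNS lands here and is deferred.
    return 450, "PTR name(s) do not resolve back to client address"

def summarize(ips):
    """Map each client address to the reply code it would receive."""
    return {ip: check_client(ip)[0] for ip in ips}

if __name__ == "__main__":
    for ip in ["192.0.2.10", "192.0.2.20", "198.51.100.5", "2001:db8::25"]:
        code, reason = check_client(ip)
        print(f"{ip:<15} {code} {reason}")
```

Grepping the mail log for 450 replies grouped by client address is the quick way to see which legitimate senders a check like this is holding up.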