Hi,
no need to do a TOFU, you know?
On Fri, 2 Jul 2004, Georges Toth wrote:
> and please don't say such things as providers should block all ports by
> default and only open some upon request!
> what is that for a view of freedom huh?

Guess what, @work we have a few dialup lines, normal users of
these have only a very few "standard" ports open towards the
internal network. The only ones having access to "any" are
administrators. No-one ever complained about this. Not a single
user (of more than a couple hundred).
Your normal internet-surfing 0815 guy will not need much more
than DNS, FTP, HTTP, and SMTP via the ISP mailserver - maybe
some high ports for stuff like chat, p2p, streaming media.
That's exactly the kind of use I'm talking about.
People that actually use other stuff - say, SSH - are rather
rare. Those relatively clued users could for instance be
accommodated by a filter adaptable through some web interface.
I know this is problematic for an ISP. For companies, this
is standard policy.

> i mean, you use a service and you are supposed to know
> their terms and policy.
> and you are supposed to know what possible danger you are exposing yourself to if
> you get connected.
> now you should manage yourself to protect yourself or use software supplied by
> your provider for that purpose.

That's the current status, indeed. Fact is, it doesn't work out
very well. "firewall logs"!

> it is not a good thing at all if your provider just blocks every connex not
> having been initiated by you.
> and i hope it won't be like that in the near future.

You may not notice it, but many an ISP already routes HTTP traffic
through a transparent proxy. Many an ISP blocks NetBIOS. Many an
ISP has blocked ports to avoid SQL Slammer. etc.
If you are using dialup lines, chances are very high that you do
not have unfiltered access.

> disabling port 25 is a bad thing.

It's not "disabled". With the discussed blocking of outbound
SMTP traffic except for the ISP mailserver, email still works.
For the larger organizations I know of (granted, that's more
of a company setting, not ISP), everyone denies outbound SMTP
traffic except from the company mailserver.

> and it won't prevent spammers from spamming.

Of course. It still will block a great many options for those
spammers. Namely zombies, which make for 80% of spam these days.

> you know, there are many ports right?

Sure. But those pesky mailservers usually listen on port 25 only.

> spam is annoying, but you won't reduce it by such means IMHO.

Have you checked out that article about Comcast? Them alone
implementing such a policy has for many people reduced incoming
spam by 50%!
Greets Eric
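
The egress policy discussed in this message, sketched as an added example that is not part of the original email: default deny, the ports named above allowed, and outbound port 25 allowed only towards the ISP mailserver. All addresses, the flow records, and the function names are constructed assumptions.

```python
import ipaddress

# Assumed address for illustration (documentation range, not from the email).
ISP_MAILSERVER = ipaddress.ip_address("192.0.2.25")
HIGH_PORTS = range(1024, 65536)

# Default-deny egress rules: (protocol, destination ports, only-this-destination or None).
RULES = [
    ("udp", {53}, None),            # DNS
    ("tcp", {53}, None),
    ("tcp", {21}, None),            # FTP control; passive data uses high ports
    ("tcp", {80}, None),            # HTTP
    ("tcp", {25}, ISP_MAILSERVER),  # SMTP only via the ISP mailserver
    ("tcp", HIGH_PORTS, None),      # chat, p2p, streaming media
    ("udp", HIGH_PORTS, None),
]

def allowed(proto, dst_ip, dst_port):
    """Return True if an outbound connection matches any allow rule."""
    dst = ipaddress.ip_address(dst_ip)
    for rule_proto, ports, only_dst in RULES:
        if proto == rule_proto and dst_port in ports:
            if only_dst is None or dst == only_dst:
                return True
    return False  # default deny

def blocked_smtp_sources(flows):
    """Count denied direct-to-MX SMTP attempts per customer (zombie indicator)."""
    hits = {}
    for src, proto, dst, port in flows:
        if proto == "tcp" and port == 25 and not allowed(proto, dst, port):
            hits[src] = hits.get(src, 0) + 1
    return hits

# Constructed sample flows: (customer source, protocol, destination, port).
SAMPLE_FLOWS = [
    ("10.0.0.5", "tcp", "192.0.2.25", 25),     # mail relayed via the ISP
    ("10.0.0.5", "tcp", "198.51.100.80", 80),
    ("10.0.0.9", "tcp", "203.0.113.10", 25),   # direct to a foreign mailserver
    ("10.0.0.9", "tcp", "203.0.113.11", 25),
    ("10.0.0.7", "tcp", "198.51.100.22", 22),  # SSH: needs a per-user opening
    ("10.0.0.7", "tcp", "198.51.100.30", 6667),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "ALLOW" if allowed(*flow[1:]) else "DENY")
    print("denied direct SMTP:", blocked_smtp_sources(SAMPLE_FLOWS))
```

The denied-SMTP counter doubles as a cheap signal for which customer machines to notify, since ordinary mail clients only ever talk to the ISP mailserver under this policy.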