| From | Michael De Roover <isc@nixmagic.com> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: DoH plugin for BIND |
| Date | 2020-05-02 16:08 +0200 |
| Message-ID | <mailman.329.1588428499.942.bind-users@lists.isc.org> (permalink) |
| References | (6 earlier) <002174a6-4025-fad1-afea-0e96f40d2ff0@thelounge.net> <20200502093032.09f4b5cf@ime1.iment.local> <dbcfcbfc-c092-88fe-f6ba-7cedfa45127d@nixmagic.com> <c1cda6ec-0f6c-4a1b-899b-8f7ea1dade43@thelounge.net> <f4909caa-a15b-2b7b-10f6-73aab5f8b796@nixmagic.com> |

To put it very simply, I consider myself very lucky that I have control over every mail client that interfaces with my mail server. Most of them are well-behaved and use 587 for submission. My mail server has also disabled it on port 25 to reduce spam. Port 587 on my mail server is also only visible within my VPNs to allow submission only within. That is an edge case and a privilege since all the mail clients are local. If your mail clients go outside your network or VPNs, that's when you'll need to either expose 587 to the internet or allow it on 25, with all those related issues.

Submission on port 25 is something I disabled on my mail server since it reduces the amount of spamhausen that try to submit email to my mail server, assuming that it's an open relay. It's purely traffic- and load-related.

The reason why residential ISPs disallow it - to my knowledge which is admittedly limited - is because few postmasters consider the limitations that are applied to residential connections in general endurable. That includes dynamic IPs, down-/upload ratio, blocked ports, lack of SLA, and many other things.

As far as the "completely different story" goes, it's part of a whole. Good luck getting deliverability to other mail servers from a residential range even if the ISP itself allows it. Mail servers are an inherently reputation-driven thing. Reputation of your sender IP addresses to be precise.

Is it good? No, email sucks. If you can get away with not running a mail server, don't run one. They suck so much. But if you do, a home IP is not where you'll want to start regardless. Get a VPS if anything.

On 5/2/20 3:51 PM, Reindl Harald wrote:
>
> On 02.05.20 at 15:41, Michael De Roover wrote:
>> In my experience and from what I've heard, very few.
> if that would be true how come that most mail clients still default to
> 25 for submission and years after closing port 25 on our mailserver i
> still struggle with customers' smartphones still not using 587?
>
> in fact 10 years ago some ISPs *tried* to kill outbound port 25 because
> there is no point in using it from a homemachine and at that time we
> struggled also to explain our customers that 25 is plain wrong
>
> finally they gave up because the damage of open port 25 is killed with
> dnsbl but the customer support went crazy with "why can't i send email
> with my internet connection"
>
>> Even if your ISP allows it, chances are that other mail servers will reject it
> that's a completely different story
>
>> On 5/2/20 3:30 PM, Paul Kosinski via bind-users wrote:
>>> How many ISPs allow traffic on port 25? My impression is that even many
>>> (non-enterprise) business customers can't use port 25

--
Met vriendelijke groet / Best regards,
Michael De Roover