[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Update to default exit policy
- To: or-talk@xxxxxxxxxxxxx
- Subject: Update to default exit policy
- From: Dawney Smith <dawneysmith@xxxxxxxxxxxxxx>
- Date: Sat, 16 Aug 2008 14:59:33 +0100
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sat, 16 Aug 2008 10:00:06 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:x-enigmail-version:openpgp :content-type:content-transfer-encoding; bh=kB/8eW3Re6haobascKCKx094U+YoE/xDsuyxZaLqG9Q=; b=dXCKcksdi6vSDMTqGF0AKRc8+IRqql/89IT6heHZihNkC44m8K7f8/CnhSOE+d7u4J mYahT9ZeR8gW/PRWBlOYOjAqKVo7NxVJv+Q1hdVn4Pp+/JcKcFXalNZtTEm7l0DVQ7kp qD1kidUMEFXsD5OA1P58ar3GWMdaYVf1f37r4=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject :x-enigmail-version:openpgp:content-type:content-transfer-encoding; b=PM9GzqFRUzk1HUdSrThBx3FumFcMjcsZZuI5mXnbP92gHHDRAtTYMPYrad1W91+BrJ v55h9sOVVf6fLOY2MtDoD59YLPe81bufzURpQNqtJV2BMDTh9ttDWCapOFxdAYz5RaO4 facCiXQBVKOPyDunWu6LzBuonU4t2IvxhSK5g=
- Openpgp: id=5D6281F2
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 2.0.0.16 (X11/20080724)
Hi,
I know this has been discussed before, but I thought I'd bring it up
again. The following rules are in the default exit policy and I can't
see any reason why they would be:
reject *:465
reject *:587
Those are ports used for mail submission, not for mail relay. They wont
be abused by spammers. ISPs often block their consumer broadband users
from connecting to port 25 on servers outside of their network, to
prevent spam. They don't block 465 and 587, because they're not problem
ports and the point of them is, that you authenticate before sending
mail, unlike port 25. You wouldn't block port 443 to prevent spammers
submitting mail via https://mail.google.com/ so why block these ports?
As I write this, there are only 28 exit nodes spread across 6 countries
that will exit to smtp.gmail.com:465. There's no advantage to blocking
this port, but a clear reduction in anonymity by limiting the nodes
exiting to it.
--
Dawn