on 6/27/2012 7:26 AM Götz Reinicke spake the following: > Am 27.06.12 16:08, schrieb Tilman Schmidt: >> Am 27.06.2012 11:15, schrieb Götz Reinicke: >>> Am 27.06.12 10:29, schrieb Fajar Priyanto: >> >>>> 1. Many malware have their own smtp and can send spam directly. >>>> To overcome this, block port tcp 25 on your gateway, and only allow >>>> your mailserver. >> >>> Hi, thanks for your suggestion. But for the mentioned clients thats not >>> possible. :/ [...] >>> We do have about 100th of freelancers 'flying in and out' of our academy >>> which we cant 'restrict' by forcing tham to change there clients settings. >> >> Nobody *needs* port 25 from their client to a public server. >> Port 25 is intended for forwarding mail from one server to the >> next, not for submitting mail from a client to its server. >> The standard port for sending mail from a client is 587, the >> mail submission port. Using port 25 for that is arguably a >> configuration error which should be corrected. >> >> What's more, blocking outbound port 25 is generally recommended >> practice and standard for many ISPs, so your freelancers will >> often face the same restriction on their home LAN, Internet >> cafe or wherever else they may want to write e-mails, adding >> to their motivation to fix their configuration instead of >> arguing with you. > > Hi, > > you dont know the resistant to advice of our users .... ;) > > Any kind of plea fails most time, and as long as a lot of ISP and > Mail-Hosters still allow and offer port 25 in the docs it is hard to > tell why our users should change because we'r faced with problems. > > Long story short: I advised the use of port 587 two hours ago. > > FYI since than I had 169 outgoing connections to port 20 and 1 to 587. :) > > cheers . Götz fighting spam and resistant to advice > Block port 25, and they will comply, or not send mail... People are resistant to change, until they NEED to change...