[CentOS] How to handel smtp to public servers - done

on 6/27/2012 7:26 AM Götz Reinicke spake the following:
> Am 27.06.12 16:08, schrieb Tilman Schmidt:
>> Am 27.06.2012 11:15, schrieb Götz Reinicke:
>>> Am 27.06.12 10:29, schrieb Fajar Priyanto:
>>
>>>> 1. Many malware have their own smtp and can send spam directly.
>>>> To overcome this, block port tcp 25 on your gateway, and only allow
>>>> your mailserver.
>>
>>> Hi, thanks for your suggestion. But for the mentioned clients thats not
>>> possible. :/ [...]
>>> We do have about 100th of freelancers 'flying in and out' of our academy
>>> which we cant 'restrict' by forcing tham to change there clients settings.
>>
>> Nobody *needs* port 25 from their client to a public server.
>> Port 25 is intended for forwarding mail from one server to the
>> next, not for submitting mail from a client to its server.
>> The standard port for sending mail from a client is 587, the
>> mail submission port. Using port 25 for that is arguably a
>> configuration error which should be corrected.
>>
>> What's more, blocking outbound port 25 is generally recommended
>> practice and standard for many ISPs, so your freelancers will
>> often face the same restriction on their home LAN, Internet
>> cafe or wherever else they may want to write e-mails, adding
>> to their motivation to fix their configuration instead of
>> arguing with you.
> 
> Hi,
> 
> you dont know the resistant to advice of our users .... ;)
> 
> Any kind of plea fails most time, and as long as a lot of ISP and
> Mail-Hosters still allow and offer port 25 in the docs it is hard to
> tell why our users should change because we'r faced with problems.
> 
> Long story short: I advised the use of port 587 two hours ago.
> 
> FYI since than I had 169 outgoing connections to port 20 and 1 to 587. :)
> 
> 	cheers . Götz fighting spam and resistant to advice
> 
Block port 25, and they will comply, or not send mail... People are resistant
to change, until they NEED to change...