Slightly OT: Greylisting success or failure stories?

James Wilkinson james at westexe.demon.co.uk
Fri Feb 4 23:33:08 UTC 2005


Paul Howarth wrote:
> However, it does not work from ISPs that block outbound port 25 
> connections, which is why port 587 is recommended for this purpose.
> 
> Anyone seeing port 587 blocked is probably behind a corporate firewall 
> that is blocking everything bar port 80 maybe, and should respect that 
> company's policy of not allowing outbound mail from their network.

For what it's worth, I'd recommend asking.

I would argue that a competently-configured corporate firewall would
block everything in every direction unless there is a business need for
it (for example, SMTP to or from mail servers, HTML from the proxy and
to the web server, DNS from servers. On a suitably flat network, most
PCs don't need a default gateway).

But that doesn't mean that holes won't be opened once a suitable need
has been demonstrated. If a visitor wants to access a particular "home"
server for e-mail purposes, I personally would be more than happy to
open "my" firewall *from* that PC *to* the ports needed on the requested
server. But until I know that it's needed and which port, PC, and server
to allow, I'm going to keep that connection blocked along with
everything else.

One of the best ways of keeping a paranoid ruleset on a firewall is
"keep everything closed until someone moans"!

James.

-- 
James Wilkinson       | We still have enough spare cardboard sitting around
Exeter    Devon    UK | to send a bus by Parcelforce, although not enough
E-mail address: james | wrapping to be sure they wouldn't deliver it broken
@westexe.demon.co.uk  | into two pieces.  -- Alan Cox
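
Added example, not part of the original message: the default-deny policy with one narrowly scoped visitor exception described above, written as an nftables ruleset for a forwarding firewall. Every address is constructed (RFC 5737 documentation ranges), and the variable names, the choice of nftables, and the inclusion of port 443 are assumptions.

```nft
#!/usr/sbin/nft -f
# Constructed example: hosts and addresses below are placeholders, not from the post.
flush ruleset

define MAIL_SERVER = 192.0.2.25     # internal mail server (assumed)
define WEB_PROXY   = 192.0.2.80     # outbound web proxy (assumed)
define WEB_SERVER  = 192.0.2.81     # published web server (assumed)
define DNS_SERVER  = 192.0.2.53     # internal resolver (assumed)
define VISITOR_PC  = 192.0.2.142    # the visitor's PC (assumed)
define HOME_SERVER = 203.0.113.10   # the visitor's "home" mail server (assumed)

table inet filter {
    chain forward {
        # Nothing crosses the firewall unless a rule below allows it.
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections an earlier rule already permitted.
        ct state established,related accept
        ct state invalid drop

        # Standing business needs: mail via the mail server, web via the
        # proxy and to the web server, DNS only from the resolver.
        ip saddr $MAIL_SERVER tcp dport 25 accept
        ip daddr $MAIL_SERVER tcp dport 25 accept
        ip saddr $WEB_PROXY tcp dport { 80, 443 } accept
        ip daddr $WEB_SERVER tcp dport { 80, 443 } accept
        ip saddr $DNS_SERVER meta l4proto { tcp, udp } th dport 53 accept

        # Demonstrated need: one PC, one server, one port (mail submission).
        # Ordinary client PCs still get no path out on 25 or 587.
        ip saddr $VISITOR_PC ip daddr $HOME_SERVER tcp dport 587 accept

        # Rate-limited log of what the default policy is about to drop, so a
        # request for a new hole can be checked against real traffic.
        limit rate 10/minute log prefix "fw-drop: "
    }
}
```

The exception names source, destination and port together, so removing it when the visitor leaves is a one-line change and nothing else on the network gains access.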




More information about the fedora-list mailing list