Mailing List Archive

SPF and ISP's restricting SMTP traffic ??'s
We have a corporate email server. Most of our road warriors connect via VPN or Webmail and directly connect to our server for send/receive.

A few users, for various reasons, must use a non-VPN POP3 client. They are also connected through an ISP that requires outgoing mail to be sent via their SMTP server and block attempts tp do otherwise. (i.e., ComCast residential service).

If I understand SPF, this means I would have to have a SPF record for each of these ISP's outgoing SMTP server?

Tom




-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
Re: SPF and ISP's restricting SMTP traffic ??'s [ In reply to ]
You could include their SMTP servers in your SPF record.

Generally, it would be easier to use SASL and have these users submit to your
server via port 587. This port is not blocked or redirected by residential
ISPs in all cases I'm aware of.

Scott K

On 01/25/2006 10:39, Tom Fleischmann wrote:
> We have a corporate email server. Most of our road warriors connect via VPN
> or Webmail and directly connect to our server for send/receive.
>
> A few users, for various reasons, must use a non-VPN POP3 client. They are
> also connected through an ISP that requires outgoing mail to be sent via
> their SMTP server and block attempts tp do otherwise. (i.e., ComCast
> residential service).
>
> If I understand SPF, this means I would have to have a SPF record for each
> of these ISP's outgoing SMTP server?
>
> Tom

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
Re: SPF and ISP's restricting SMTP traffic ??'s [ In reply to ]
On Wed, 2006-01-25 at 10:39 -0500, Tom Fleischmann wrote:
> We have a corporate email server. Most of our road warriors connect
> via VPN or Webmail and directly connect to our server for
> send/receive.
>
> A few users, for various reasons, must use a non-VPN POP3 client. They
> are also connected through an ISP that requires outgoing mail to be
> sent via their SMTP server and block attempts tp do otherwise. (i.e.,
> ComCast residential service).
>
> If I understand SPF, this means I would have to have a SPF record for
> each of these ISP's outgoing SMTP server?
>
IMHO...
Why not have your external user to use your SMTP server
(opening another port not filtered out by ISP)? and
use authentication or a tools as POPBeforeSMTP to
validate relaying?
Your SPF record should be use to "aprouve" all
mail issued by your own server...



A bientot
--
==========================================================================
Jean-Marc Pigeon Internet: jmp@safe.ca
SAFE Inc. Phone: (514) 493-4280 Fax: (514) 493-1946
Clement, 'a kiss solution' to get rid of SPAM (at last)
Clement' Home base <"http://www.clement.safe.ca">
==========================================================================

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
Re: SPF and ISP's restricting SMTP traffic ??'s [ In reply to ]
Tom Fleischmann wrote:
> We have a corporate email server. Most of our road warriors connect via
> VPN or Webmail and directly connect to our server for send/receive.
>
> A few users, for various reasons, must use a non-VPN POP3 client. They
> are also connected through an ISP that requires outgoing mail to be sent
> via their SMTP server and block attempts tp do otherwise. (i.e., ComCast
> residential service).
>
> If I understand SPF, this means I would have to have a SPF record for
> each of these ISP's outgoing SMTP server?

We have solved this problem by accepting authenticated outgoing mail on
port 587 (the "submission" port) and setting the roadwarrior client to
always send outgoing mail on this port. ISPs only block port 25.

I do not know how to do this on Exchange, though, since we use Postfix.

Pam

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
RE: SPF and ISP's restricting SMTP traffic ??'s [ In reply to ]
Tom Fleischmann wrote:
> A few users, for various reasons, must use a non-VPN POP3 client.
> They are also connected through an ISP that requires outgoing mail to
> be sent via their SMTP server and block attempts tp do otherwise.
> (i.e., ComCast residential service).
>
> If I understand SPF, this means I would have to have a SPF record for
> each of these ISP's outgoing SMTP server?

What we do is set up an addition SMTP virtual server on the Exchange server, on a port other than 25 (we use 2525)

We configure that virtual server to require authentication.

We point the users' email clients to that server and port, and configure them to use authentication.

The ISP lets the non-port-25 SMTP traffic through, and we're not an open relay.

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com
RE: SPF and ISP's restricting SMTP traffic ??'s [ In reply to ]
Thanks to all for your input.

Tom


-----Original Message-----
From: Matthew.van.Eerde@hbinc.com [mailto:Matthew.van.Eerde@hbinc.com]
Sent: Thursday, January 26, 2006 5:53 PM
To: spf-deployment@v2.listbox.com
Subject: RE: [spf-deployment] SPF and ISP's restricting SMTP traffic
??'s


Tom Fleischmann wrote:
> A few users, for various reasons, must use a non-VPN POP3 client.
> They are also connected through an ISP that requires outgoing mail to
> be sent via their SMTP server and block attempts tp do otherwise.
> (i.e., ComCast residential service).
>
> If I understand SPF, this means I would have to have a SPF record for
> each of these ISP's outgoing SMTP server?

What we do is set up an addition SMTP virtual server on the Exchange server, on a port other than 25 (we use 2525)

We configure that virtual server to require authentication.

We point the users' email clients to that server and port, and configure them to use authentication.

The ISP lets the non-port-25 SMTP traffic through, and we're not an open relay.

--
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com

-------
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-deployment@v2.listbox.com