Am 18.04.2024 schrieb Sebastian Arcus via mailop <mailop@mailop.org>:
> The mention of HELO is what threw me off - and I kept on thinking > that it's not possible, as port 25 is blocked. But I completely > missed the point that even authenticated connections on 587 will use > HELo - I think? They require auth, so they will use EHLO. :-) Although no difference here. The EHLO/HELO FQDN can't be used to abuse something. If it is the FQDN with matching reverse/forward DNS, it is fine. When submitting mail to 465/587, the machine will use its name (most likely no a FQDN), but that is not a problem because MSAs must not check that name - it would fail most of the time. > So 587/465 could be possibilities. I don't really have qualms with > completely blocking outbound 587/465 if needed - they are mainly > still open because it's the first time I've dealt with issues being > caused by them being open - and I like to try and provide > functionality for users up to the point when it is starting to cause > problems. Unless the cause of the listing is not clearly known, nobody can tell why the machine was listed. You also see: NAT is crap. _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop