On 10/25/2011 8:13 AM, William Herrin wrote:
Blocking outbound TCP SYN packets on port 25 from non-servers is
considered a BEST PRACTICE
...
The SMTP submission port (TCP 587) is authenticated and should
generally not be blocked.
Email Submission Operations: Access and Accountability Requirements
<http://www.ietf.org/rfc/rfc5068.txt> IETF BCP
It does not explicitly support blocking outbound port 25, since that's
controversial, but it /does/ require permitting outbound port 587.
d/
Regards,
Bill Herrin
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net