[Top] [All Lists]

Re: IP::DOMAIN Associations [Re: Bounce/System Notification Address Verification]

2005-07-09 07:10:38
On Fri, 08 Jul 2005 05:15:34 EDT, "Robert A. Rosenberg" said:

Unless your (ie: The VT.ETU) MSA Mail Servers do not listen on 
Port587 but only Port25 or do support SMTP-over-SSL on Port465, there 
is IMO no reason for their MUA to be pointing (accidentally or not) 
at their current CONNECTIVITY ISP's MSA server.

Good. Want to come down some weekend and reconfigure 70K systems, some of which
are off-site, and some of which are running MUAs that don't understand using
port 587, and the vast majority of which are (a) not under our administrative
control and (b) run by users who don't understand why they need to make changes
and upgrades in perfectly functional systems just so *we* can deploy something
that doesn't seem to provide them any benefit?

that do Outgoing-Port25-blocking (or the user using an old MUA that 
did not support designating what port to use for MSA upload 

Welcome to the real world - one where users run old software, and there are
actual costs involved in changing configurations, and you need to split effort
between "upgrade to all-singing, all-dancing, perfect configuration" and "fix
this week's problem right now because at 2M msgs/day, you can fall behind in
12 hours enough to take 3 days to get caught up".

Deploying the politically correct configuration would be all of 2 hour's work 
us.  Doing it in a manner that the resulting backlash wouldn't get us all fired
is a whole 'nother ball game.  Moving from POP on port 110 to POP/SSL on 995
was a *year long* project, and we *still* got flooded with complaints the day
it went live....

Attachment: pgpXJGZWstyKv.pgp
Description: PGP signature