> It stops our mail server from being used as an open relay though?
From outside of your network yes. If one of the computers inside your network is infected your mail-server will happily deliver the spam mails.
> How does blocking 1 specific port stop the issue anyway?
> They can just change the port they connect on?
I don't know of any SMTP-Server that accepts E-Mail on Ports other than 25. Port 587 requires authentification before sending an E-Mail.
I thought most poeple don't accept E-Mails sent from isp-networks with dynamic ip adresseses. Maybe that's not the case and they try to reduce spam this way.
> I was offering an opinion on how to resolve those issues.
> Changing which port accepts the mail is in my opinion pointless.
Nobody changed any ports. E-Mail is still send to port 25 from mail-servers. But if you are a not a mail-server (e.g. a client in a network) you have to use the submission port and authentificate against your isp/comapany mail-server.
you can still use port 25 on your isp mail gateway but now they can filter and rate-limit your emails.
> It's like saying that most burglars come in through the back door so the government blocks everyones back door, they will just come in the front.
not really. it is good practive to only act as mailserver if you are on a static ip and mx records point to your server. none of this is fullfilled by dynamic isp ip adresses. So this just stops the unwanted practice for good.
From outside of your network yes. If one of the computers inside your network is infected your mail-server will happily deliver the spam mails.
> How does blocking 1 specific port stop the issue anyway? > They can just change the port they connect on?
I don't know of any SMTP-Server that accepts E-Mail on Ports other than 25. Port 587 requires authentification before sending an E-Mail.
I thought most poeple don't accept E-Mails sent from isp-networks with dynamic ip adresseses. Maybe that's not the case and they try to reduce spam this way.
> I was offering an opinion on how to resolve those issues. > Changing which port accepts the mail is in my opinion pointless.
Nobody changed any ports. E-Mail is still send to port 25 from mail-servers. But if you are a not a mail-server (e.g. a client in a network) you have to use the submission port and authentificate against your isp/comapany mail-server.
you can still use port 25 on your isp mail gateway but now they can filter and rate-limit your emails.
> It's like saying that most burglars come in through the back door so the government blocks everyones back door, they will just come in the front.
not really. it is good practive to only act as mailserver if you are on a static ip and mx records point to your server. none of this is fullfilled by dynamic isp ip adresses. So this just stops the unwanted practice for good.