Re: bug reporting workflow is outdated

To: Paul Wise <pabs@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: bug reporting workflow is outdated
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Mon, 23 May 2011 08:01:24 -0300
Message-id: <[🔎] 20110523110124.GA10676@khazad-dum.debian.net>
In-reply-to: <[🔎] BANLkTinS=usaRQeTD0sR33CcqgfxZuyxow@mail.gmail.com>
References: <[🔎] BANLkTi=FGSbvxG7adBThc_3L+moU0KmhfA@mail.gmail.com> <[🔎] 87fwo6uwl1.fsf@frosties.localnet> <[🔎] BANLkTinS=usaRQeTD0sR33CcqgfxZuyxow@mail.gmail.com>

On Mon, 23 May 2011, Paul Wise wrote:
> On Mon, May 23, 2011 at 7:47 AM, Goswin von Brederlow <goswin-v-b@web.de> wrote:
> > The only advantage of this would be for systems that firewall outgoing
> > mail conections but allow http or have a http proxy but no smarthost.
> 
> There are a *lot* of ISPs that do this. My ISP does this so I have to
> send mail via SSH tunnel or webmail.

It is now a best-standard-practice for ISPs to block port 25 traffic across
home-user access network borders.  It is being done on purpose to leverage
packet-filtering hardware and the distributed architecture characteristics
of access/border network filtering (which is already there).  Its objectives
are: reduce the overhead on MTAs everywhere due to spambot connections, and
reduce the number of botnet-caused incident complaints.

Users are now supposed to use ESMTPSA over port 587 to submit email (that
would be ESMTP with TLS+SMTP AUTH) to any email provider (including his own
ISP).  Port 25 is now reserved for static MTA-MTA (i.e. MX) traffic.

>From our (Debian) PoV, whether one agrees with port-25 blocking policy or
not doesn't matter.  It is already deployed to several million users
worldwide (which likely means at least several thousand Debian users), many
of which will not configure their local MTAs to forward email, and instead
just configure their MUAs.

We have to deal with it somehow.

Anyway, on this new port 587 world, to have reportbug reliably submit BTS
email on unconfigured local networks, it would have to use ESMTPS (or
deep-inspection firewalls will kill the tcp session off) over port 587.

And the receiving gateway would have to localy validate that the destination
are acceptable addresses (@bugs.debian.org), and also validate the sending
domain (to reduce spam and guarantee a return path for further bug
processing), etc.

Whether it is easier to do that or instead switch to a https application
gateway, I don't know.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: bug reporting workflow is outdated
  - From: Timo Juhani Lindfors <timo.lindfors@iki.fi>

References:
- bug reporting workflow is outdated
  - From: Pedro Larroy <pedro.larroy@gmail.com>
- Re: bug reporting workflow is outdated
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Re: bug reporting workflow is outdated
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Bug#627659: ITP: pythonwebkit -- Python DOM (HTML5) Bindings to Webkit
Next by Date: Re: bug reporting workflow is outdated
Previous by thread: Re: bug reporting workflow is outdated
Next by thread: Re: bug reporting workflow is outdated
Index(es):
- Date
- Thread