nanog mailing list archives

Re: anybody else been spammed by "no-ip.com" yet?


From: "Joel Baker" <lucifer () lightbearer com>
Date: Thu, 9 May 2002 20:26:26 -0600


On Fri, May 10, 2002 at 11:27:10AM +1000, Terence Giufre-Sweetser wrote:

> Now there's a good idea, and it works, I have several sites running a
> "port 25" trap to stop smtp abuse.
>
> To stop port 25 abuse at some schools, the firewall grabs all outgoing
> port 25 connections from !"the mail server", and to !"the mail server",
> and runs them via "the mail server", which stops header forging, mass rcpt
> to: abuse, and vrfy/expn probing. Anything that goes past the filters has
> a nice clear and traceable received by: line.
>
> If a few of the larger pre-paid ISPs could simply filter port 25 on their
> accounts, add some sanity checking (like, a user must be using a valid
> email address in the from:/return-path:/reply-to: lines, etc) and reject
> other abuse like rcpt to: stacking.  Plus, add an anti-bulk email check,
> like razor or checksum clearinghouse, (yeah, seriously, checksum the
> outgoing emails, if some humans somewhere have said "this is spam", then
> /dev/null or BOUNCE the outgoing email.)
>
> I'd even be inclined to place these filters at the border to smaller
> downstream ISPs, let them register their valid email domains, any user
> from their network trying to send invalid email, or email that is listed
> in razor, just kill it or auto-refer to the abuse desk.
>
> [This may sound expensive, but on reflection, a US$2K box with BSD could
> handle 20Mbps of port 25, remember only port 25, nothing else, you would
> place one behind your dial up infrastructure, or several for a large site,
> and your "transparent smtp proxy" would pay for itself by killing off a
> lot of your abuse@ work.  There were many ways of redirecting the port 25
> packets, have a look at all the good work done on port 80 transparent
> proxies.]
>
> // :), patent pending? No, the concept is hereby committed to the public
> domain. //

Earthlink was doing this for basically all of their consumer-grade (dialup,
most of the ADSL, etc) customers in 1999 (well, almost certainly earlier
than that, but I can only personally speak to it being in place then). It
doesn't stop absolutely everything, but it's a very good 95% first pass
filter. Don't forget to allocate support queue time for explaining to
folks why they can't do SMTP relaying through their other provider where
they have a hosting account, though...

(Business customers were exempted, but paid hefty setup fees and monthly
fees, and if I recall the contract correctly, forfeited all of them for
AUP violations, which explicitly included UCE).

Keeping the filters up to date is often a painful exercise in assignment
coordination testing, too...
-- 
***************************************************************************
Joel Baker                           System Administrator - lightbearer.com
lucifer () lightbearer com              http://users.lightbearer.com/lucifer/

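The policy Terence sketches for the outbound "port 25 trap" (sender addresses must use a domain the customer registered, rcpt to: stacking is capped, and a checksum clearinghouse is consulted before the message leaves) can be written down as a small submission filter. The code below is an added example for this archive page, not code from either poster, from lightbearer.com or from Earthlink; the registered-domain set, the recipient cap, the SHA-256 body fingerprint standing in for Razor/DCC, and the sample messages are all constructed assumptions.

```python
"""Outbound SMTP sanity checks of the kind discussed in the thread.

Added example; every name, threshold and message here is hypothetical.
"""
import hashlib
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical registry of domains a downstream ISP has declared valid for its users.
REGISTERED_DOMAINS = {"example.net", "example.org"}

# Cap on envelope recipients per message; the number is an assumption.
MAX_RCPT = 10


def body_fingerprint(body: str) -> str:
    """Checksum of a whitespace- and case-normalised body, as a clearinghouse might key on."""
    normalised = " ".join(body.split()).lower()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


# Stand-in for a checksum clearinghouse: fingerprints of bodies people reported (constructed).
KNOWN_SPAM = {body_fingerprint("Make money fast!! Reply now for your FREE prize.")}


def sender_domain_ok(address: str) -> bool:
    """True when the address's domain is one the customer registered."""
    _, addr = parseaddr(address)
    if "@" not in addr:
        return False
    return addr.rsplit("@", 1)[1].lower() in REGISTERED_DOMAINS


def text_body(msg) -> str:
    """Collect the text/plain content of a parsed message."""
    if not msg.is_multipart():
        return msg.get_payload()
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            parts.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    return "\n".join(parts)


def check_outbound(envelope_from: str, rcpt_to: list, raw_message: str) -> tuple:
    """Apply the thread's checks to one outbound submission.

    Returns (verdict, reasons): 'reject' for a forged sender address or a
    clearinghouse hit, 'refer' (to the abuse desk) when only recipient
    stacking tripped, otherwise 'accept'.
    """
    hard = []  # reasons that kill the message outright
    msg = message_from_string(raw_message)

    # Envelope sender and From:/Return-Path:/Reply-To: must all use registered domains.
    if not sender_domain_ok(envelope_from):
        hard.append(f"envelope sender {envelope_from} not in registered domains")
    for header in ("From", "Return-Path", "Reply-To"):
        for _, addr in getaddresses(msg.get_all(header, [])):
            if not sender_domain_ok(addr):
                hard.append(f"{header}: {addr} not in registered domains")

    # Anti-bulk check: has someone already reported this exact body?
    if body_fingerprint(text_body(msg)) in KNOWN_SPAM:
        hard.append("body matches clearinghouse fingerprint")

    # rcpt to: stacking is referred rather than dropped, so a legitimate list is not lost.
    stacked = len(rcpt_to) > MAX_RCPT
    soft = [f"{len(rcpt_to)} recipients exceeds cap of {MAX_RCPT}"] if stacked else []

    verdict = "reject" if hard else ("refer" if stacked else "accept")
    return verdict, hard + soft


# Constructed sample submissions.
GOOD_MESSAGE = (
    "From: Alice <alice@example.net>\nTo: bob@example.com\nSubject: lunch\n\n"
    "Lunch tomorrow?\n"
)
FORGED_MESSAGE = (
    "From: The CEO <ceo@bank.example>\nReply-To: ceo@bank.example\n"
    "To: bob@example.com\n\nPlease wire the funds today.\n"
)
BULK_MESSAGE = (
    "From: alice@example.net\nTo: bob@example.com\n\n"
    "Make   money FAST!! reply now for your free prize.\n"
)

if __name__ == "__main__":
    print(check_outbound("alice@example.net", ["bob@example.com"], GOOD_MESSAGE))
    print(check_outbound("alice@example.net", ["bob@example.com"], FORGED_MESSAGE))
    print(check_outbound("alice@example.net", ["bob@example.com"], BULK_MESSAGE))
    many = [f"u{i}@example.com" for i in range(25)]
    print(check_outbound("alice@example.net", many, GOOD_MESSAGE))
```

The fingerprint is deliberately taken over a normalised body so that trivial whitespace or case changes do not dodge the clearinghouse; a real deployment would consult Razor or a DCC-style service instead of the local set, and would log every verdict so the abuse desk gets the traceable trail the thread is after.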
