nanog mailing list archives
RE: Lazy network operators
From: "Eric Krichbaum" <eric.krichbaum () citynet net>
Date: Tue, 13 Apr 2004 16:05:41 -0400
We do that here, and I agree it should be a standard practice from the dialup/broadband/etc. provider standpoint. Aren't some of the newer malware/viri using the SMTP setting out of the email client to send through now to get around that anyway? It really shouldn't matter though. I'd rather be: a.) blocking the port 25 traffic and b.) virus scanning the outbound mail, than dealing with the thousands of "Your user tried to hack my system. I'm calling the FBI on you." messages.

Eric

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of John Curran
Sent: Tuesday, April 13, 2004 3:53 PM
To: Stephen J. Wilcox
Cc: nanog () merit edu
Subject: Re: Lazy network operators

At 8:39 PM +0100 4/13/04, Stephen J. Wilcox wrote:
> Most of the spam I'm seeing comes directly from end user hosts that have either an open proxy on them or some kind of malware with its own SMTP engine designed to send out junk.. in this model the only port 25 traffic is that from the end host coming outwards, I believe your suggestion is to filter port 25 towards hosts. Even blocking the outbound 25 traffic (eg pushing it via the ISP SMTP relay) will not stop the emails. It is possible to extend this and implement some sort of statistical sanity checking on the mail being relayed (eg alarm/deny mail once it exceeds X/minute/host) which is
> potentially a workable solution.

Steve,

I'm very much suggesting blocking outward to the Internet port 25 traffic, except from configured mail relays for that end-user site. Those hosts which have SMTP malware are stopped cold as a result.

/John
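
The per-host check mentioned in the quoted text above (alarm/deny once a host exceeds X/minute), sketched as an added example that is not part of the original thread or any poster's code. The event format `(timestamp, customer IP)`, the limit of 10 and the 192.0.2.x addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_events():
    """Constructed relay log: (time the ISP relay saw the message, customer IP)."""
    t0 = datetime(2004, 4, 13, 16, 0, 0)
    events = []
    # Ordinary user: one message every five minutes.
    events += [(t0 + timedelta(minutes=5 * i), "192.0.2.10") for i in range(6)]
    # Host with a mass-mailer: one message every two seconds for a minute.
    events += [(t0 + timedelta(seconds=2 * i), "192.0.2.66") for i in range(30)]
    # Legitimate short burst: five messages in five seconds, then quiet.
    events += [(t0 + timedelta(seconds=i), "192.0.2.20") for i in range(5)]
    return sorted(events)

def over_limit(events, limit, window=timedelta(minutes=1)):
    """Sliding-window count per host over time-sorted events.

    Returns {host: (first time the host exceeded `limit` messages inside
    `window`, number of messages that arrived while it was over the limit)}.
    The second number is what a "deny" policy would have refused; an
    "alarm" policy would only use the first.
    """
    recent = defaultdict(deque)   # host -> timestamps still inside the window
    flagged = {}
    for ts, host in events:
        q = recent[host]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > limit:
            first, denied = flagged.get(host, (ts, 0))
            flagged[host] = (first, denied + 1)
    return flagged

if __name__ == "__main__":
    for host, (first, denied) in over_limit(sample_events(), limit=10).items():
        print(f"{host}: over limit at {first}, {denied} messages over")
```

Because the count is taken at the relay, it only sees mail once direct outbound port 25 is blocked and customers are forced through the relay, which is the combination the thread discusses.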