nanog mailing list archives

RE: SMTP authentication for broadband providers

From: "Dan Ellis" <ellis () corp ptd net>
Date: Thu, 12 Feb 2004 14:30:53 -0500


First, a quick thanks to everyone that responded.  I've received useful and excellent info from everyone.

We do not block on 25 outbound/inbound, but we are considering it for the residential broadband connections - maybe 
filter, proxy, or at least monitor it.  

I should clarify one thing:  We are considering REQUIRING SMTPAUTH for all connections from customers for relaying - 
whether they are on our IP space or not.  I know this will only buy us a few months until the next round of viruses 
steal username/pass, but even then it will give us the ability to detect an infected/SPAMMING customer quicker and auto 
shut them down (vs having to shutdown the IP, and then the customer receives a new IP...)

My question is: Have any or many of the larger ISP's gone the route of REQUIRING all customers to use SMTPAUTH - 
regardless of where they are connected.  Can anyone disclose who these regional or national providers are?

Thanks again
--Dan

--
Daniel Ellis, CTO, PenTeleData
(610)826-9293

-----Original Message-----
From: Florian Weimer [mailto:fw () deneb enyo de]
Sent: Thursday, February 12, 2004 2:01 AM
To: Dan Ellis
Cc: nanog () merit edu
Subject: Re: SMTP authentication for broadband providers

Dan Ellis wrote:

We're a medium sized regional MSO/broadband provider with 200k+
mailboxes, strongly considering enabling SMTP authentication on our
customer-facing SMTP mail servers.  We feel this is the next logical
step to minimize our users UCE/virus impact (we already tarpit, virus
scan, UCE scan, subscribe to RBL's, reject prior to SMTP close).


Do you block incoming 25/TCP connections from customers?  Some of your
hosts are listed on my mass-market IP access blacklist, so you probably
don't. 8-)

IMHO, this is one of the next thing to consider if you want to reduce
the volume of unwanted email originating from your network.  There's an
intermediate step: monitoring TCP/25 flows.  The initial setup costs are
much lower, but the operating costs are higher and the effect is less
thorough.

Is anyone aware of any well known mail clients that do not support SMTP
authentication (Unix, Windows or Mac)?


qmail (as usual).

Current thread:

Re: SMTP authentication for broadband providers, (continued)
- - - Re: SMTP authentication for broadband providers Daniel Senie (Feb 11)
    - Re: SMTP authentication for broadband providers Sean Donelan (Feb 11)
    - Re: SMTP authentication for broadband providers Alex Bligh (Feb 11)
    - Re: SMTP authentication for broadband providers Sean Donelan (Feb 11)
    - Re: SMTP authentication for broadband providers Alex Bligh (Feb 11)
    - Re: SMTP authentication for broadband providers Dave Crocker (Feb 12)
    - Re: SMTP authentication for broadband providers Lou Katz (Feb 11)
- Re: SMTP authentication for broadband providers Jason McCormick (Feb 11)
- RE: SMTP authentication for broadband providers Mark Segal (Feb 11)
- Re: SMTP authentication for broadband providers Michael . Dillon (Feb 12)
- RE: SMTP authentication for broadband providers Dan Ellis (Feb 12)
  - RE: SMTP authentication for broadband providers Alexander Kiwerski (Feb 12)
- Re: SMTP authentication for broadband providers Miquel van Smoorenburg (Feb 12)
  - Re: SMTP authentication for broadband providers Lou Katz (Feb 12)
    - Re: SMTP authentication for broadband providers Alex Bligh (Feb 12)
    - Re: SMTP authentication for broadband providers Valdis . Kletnieks (Feb 12)
    - Re: SMTP authentication for broadband providers Alex Bligh (Feb 13)
- Re: SMTP authentication for broadband providers Michael . Dillon (Feb 13)
  - Re: SMTP authentication for broadband providers Valdis . Kletnieks (Feb 13)
    - Re: SMTP authentication for broadband providers Rob Pickering (Feb 13)
    - Open, anonymous services and dealing with abuse Sean Donelan (Feb 15)

(Thread continues...)