RE: SMTP relaying policies for Commercial ISP customers...?

[Andy Dills <andy () xecu net>]

On Fri, 13 Feb 2004, Dan Ellis wrote:

> The issue we have as a dynamic IP broadband provider is that it's a
> royal pain to shutdown a user - especially in regards to just mail.
> Lets say we have a spammer and a script detects it. We then have to
> track him back to the MAC address of the modem, lookup that MAC in the
> customer DB, shutdown his access and then reset the modem.  And at the
> end, he loses all access, not just mail.  With AUTH we can just stop
> mail access.  Yeah, sure we could try to push some access list to the
> modem itself, blocking mail, but those modems are so flaky to start,
> it'll never work reliably.  Can't just block the IP on the mail server
> because the user will or could just get a new IP, and then you are
> blocking a legit user.

Yes, that is a little bit stickier of an issue, IFF your goal is to
somehow continue to provide the would-be spammer with the ability to send
traffic to the net, provided it doesn't transit your mail server. I feel
that you're overlooking the simple solution. Blocking the entire account
so they can't access anything is the proper response to a spamming
incident.

> I'm still not sure if the norm is for providers to let t1+ customers
> relay.  I have multiple OC3's and 12's from AT&T, MCI,...  Will they let
> me relay off their servers without SMTPAUTH?  Probably not.

I'm almost positive they would. Hell, many providers will give you a free
NNTP feed if you want it. The goal is to maximize the use of the link
between you and the customer while minimizing the use of the links between
you and other networks. Services like SMTP and NNTP are great for that.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---