nanog mailing list archives
RE: Customer-facing ACLs
From: "Frank Bulk" <frnkblk () iname com>
Date: Fri, 7 Mar 2008 16:17:14 -0600
Same concerns here. Glad to know we're not alone. I think a transition to blocking outbound SMTP (except for one's own e-mail servers) would benefit from an education campaign, but perhaps the pain level is small enough that it can implemented without. One could start doing a subnet block a day to keep the helpdesk people sane, and then apply a global block at the edge once "done" to catch any subnets that one might have missed. Frank -----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Kameron Gasso Sent: Friday, March 07, 2008 2:44 PM To: Justin M. Streiner Cc: NANOG Subject: Re: Customer-facing ACLs Justin M. Streiner wrote:
I do recall weighing the merits of extending that to drop outbound SMTP to exerything except our mail farm, but it wasn't deployed because there was a geat deal a fear of customer backlash and that it would drive more calls into the call center.
This seems to be very common practice these days for larger ISPs/dialup aggregators using the appropriate RADIUS attributes on supported access servers. We generally restrict outbound SMTP on our dial-up users so they may only reach our hosts (or the mail hosts of our wholesale customers). Our DSL subscribers, both dynamic and static, are currently unfiltered -- but we're very quick to react to abuse incidents and apply filters when necessary until the user cleans up their network. I'm currently on the fence with regards to filtering SMTP for all of our dynamic DSL folks. It'd be nice to prevent abuse before it happens, but it's a matter of finding the time to integrate the filtering into our wholesale backend and making sure there aren't any unforeseen issues. -- Kameron
Current thread:
- Customer-facing ACLs Justin Shore (Mar 07)
- Re: Customer-facing ACLs Justin M. Streiner (Mar 07)
- Re: Customer-facing ACLs Kameron Gasso (Mar 07)
- RE: Customer-facing ACLs Frank Bulk (Mar 07)
- Re: Customer-facing ACLs Kameron Gasso (Mar 07)
- Re: Customer-facing ACLs Valdis . Kletnieks (Mar 07)
- Re: Customer-facing ACLs Justin Shore (Mar 07)
- RE: Customer-facing ACLs Tim Sanderson (Mar 07)
- Re: Customer-facing ACLs Dan Armstrong (Mar 07)
- Re: Customer-facing ACLs Justin Shore (Mar 07)
- Re: Customer-facing ACLs Robert Beverly (Mar 07)
- Re: Customer-facing ACLs Danny McPherson (Mar 07)
- Re: Customer-facing ACLs Mark Tinka (Mar 08)
- Re: Customer-facing ACLs Adrian Chadd (Mar 10)
- Re: Customer-facing ACLs Jo Rhett (Mar 10)
- Re: Customer-facing ACLs Christopher Morrow (Mar 11)
(Thread continues...)
- Re: Customer-facing ACLs Justin M. Streiner (Mar 07)