nanog mailing list archives
RE: SMTP relaying policies for Commercial ISP customers...?
From: "Ejay Hire" <ejay.hire () isdn net>
Date: Fri, 13 Feb 2004 15:30:33 -0600
You could use AOL's tactic and transparent proxy all outbound port 25 traffic. Then it'd be a relatively simple matter to add Mr. Spammer's IP to a hosts.deny. If you were really big-brother, you could do real-time Bayesian scanning to identify "suspicious" hosts.
-Ejay
-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Dan Ellis
Sent: Friday, February 13, 2004 11:55 AM
To: Andy Dills
Cc: nanog () merit edu
Subject: RE: SMTP relaying policies for Commercial ISP customers...?
Andy,

These are exactly my concerns, and exactly what I feel I'm going to hear from the staff and the customers. I am going to go back and make sure there isn't a "better" solution. Thanks for the input.

The issue we have as a dynamic IP broadband provider is that it's a royal pain to shut down a user - especially in regards to just mail. Let's say we have a spammer and a script detects it. We then have to track him back to the MAC address of the modem, look up that MAC in the customer DB, shut down his access and then reset the modem. And at the end, he loses all access, not just mail. With AUTH we can just stop mail access. Yeah, sure we could try to push some access list to the modem itself, blocking mail, but those modems are so flaky to start, it'll never work reliably. Can't just block the IP on the mail server because the user will or could just get a new IP, and then you are blocking a legit user.

I'm still not sure if the norm is for providers to let t1+ customers relay. I have multiple OC3's and 12's from AT&T, MCI,... Will they let me relay off their servers without SMTPAUTH? Probably not.

As always, comments welcome.

--
Daniel Ellis, CTO, PenTeleData
(610)826-9293
"The only way to predict the future is to invent it." --Alan Kay
-----Original Message-----
From: Andy Dills [mailto:andy () xecu net]
Sent: Friday, February 13, 2004 12:35 PM
To: Dan Ellis
Cc: nanog () merit edu
Subject: Re: SMTP relaying policies for Commercial ISP customers...?
On Fri, 13 Feb 2004, Dan Ellis wrote:

> 1) Residential Policy: Enable SMTPAUTH and disallow relaying unless the customer has a valid username/password. If you're not paying for a mailbox, you don't get to relay outbound. This should not break anything except those residential accounts that *should* be commercial anyway.
>
> 2) Broadband commercial: This is the difficult one. These are the customers that aren't big enough to rightfully run their own mailserver, but they are big enough to have roaming users on their networks (coffee shops, branch offices, hotels, SOHO....). They expect relaying service for either their mailserver or for all their various PC's. At the same time, they don't have many, if any mailboxes through the ISP. My thought is that they should ONLY be allowed to relay via SMTPAUTH by using a residential mailbox login/pass OR they need to purchase a commercial relay service (expensive because of the openness of it) for their IP space.
>
> 3) T1+ : These customers should not be allowed to relay unless they purchase (expensive) relay services for their IP space. Of course, they can always use a residential mailbox, but will have to use SMTPAUTH for it and will be restrained by the same policies residential mailboxes have (low tolerance tarpitting,...).

While the amount of effort you put into this so far is commendable, I really think you're barking up the wrong tree.

At the end of the day, what have you done, besides annoy your customers and increase the load on your support staff?

I don't really see what you're suggesting being anything other than a huge effort, solving the wrong problem.

For any responsible ISP, the problem is the spam coming into your mailservers, not leaving. As long as you quickly castrate the people who do relay spam through you, you're not going to have an egress spam problem.

Since you seem to have countless hours to invest in this problem, you'd be better off writing a log parser to identify WHEN somebody is relaying spam through you, so you can react.

Something else I've seen implemented is rate limiting. Keep track of the number of messages sent by an IP over a variable amount of time and implement thresholds.

I'd love to hear some of the conversations you have with your leased line customers, when you tell them they have to pay for "(expensive) relay services" to send mail through your mail server. How many times will they laugh before hanging up on you? :)

That's like the IRS trying to charge you for the forms...

And I'd also like to see the looks on your technical support staff's faces when you tell them they need to assist your ENTIRE USERBASE in switching to authenticated SMTP :)

And then you have to deal with the customers who have MTAs that don't support authenticated SMTP...and on and on.

Whenever the solution is more expensive than the problem, you need to go back to the drawing board.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
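
The log-parser and rate-limit idea from Andy Dills's quoted message (count what each sender relays over a time window and apply a threshold), as an added example that is not code from anyone in this thread. The log format, the name `find_heavy_senders` and the window and threshold values are assumptions; keying on the SMTP AUTH login when one is present goes beyond the per-IP count in the message and follows Dan Ellis's point that a dynamic-IP customer can simply pick up a new address.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed log format (an assumption, not any real MTA's output):
#   <ISO time> relay client=<ip> user=<AUTH login or -> nrcpt=<recipients>
LINE_RE = re.compile(r"^(\S+) relay client=(\S+) user=(\S+) nrcpt=(\d+)$")

# Constructed sample records, in chronological order.
SAMPLE_LOG = """\
2004-02-13T12:00:00 relay client=192.0.2.10 user=- nrcpt=30
2004-02-13T12:01:00 relay client=192.0.2.10 user=- nrcpt=30
2004-02-13T12:02:00 relay client=198.51.100.5 user=alice nrcpt=60
2004-02-13T12:02:30 relay client=192.0.2.10 user=- nrcpt=30
2004-02-13T12:03:00 relay client=192.0.2.10 user=- nrcpt=30
2004-02-13T12:06:00 relay client=198.51.100.77 user=alice nrcpt=60
2004-02-13T12:07:00 relay client=203.0.113.9 user=bob nrcpt=2
2004-02-13T12:30:00 relay client=203.0.113.20 user=- nrcpt=80
2004-02-13T12:45:00 relay client=203.0.113.20 user=- nrcpt=80
""".splitlines()

def find_heavy_senders(lines, window=timedelta(minutes=10), threshold=100):
    """Map each sender to the time it first exceeded `threshold` recipients
    inside a sliding `window`. Sender = AUTH login if present, else client IP."""
    recent = defaultdict(deque)  # sender -> (time, nrcpt) entries in the window
    totals = defaultdict(int)    # sender -> recipients currently in the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a relay record
        ts, ip, user, n = datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])
        sender = ip if user == "-" else user
        q = recent[sender]
        q.append((ts, n))
        totals[sender] += n
        while ts - q[0][0] > window:  # expire entries older than the window
            totals[sender] -= q.popleft()[1]
        if totals[sender] > threshold:
            flagged.setdefault(sender, ts)
    return flagged

if __name__ == "__main__":
    for sender, when in find_heavy_senders(SAMPLE_LOG).items():
        print(f"{sender} exceeded the threshold at {when.isoformat()}")
```

In the sample, `alice` crosses the threshold only because her two sessions from different addresses are counted together, while the unauthenticated host sending 80 recipients every 15 minutes never does because its older entry expires from the window.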