Re: Mail Submission Protocol

[Daniel Senie <dts () senie com>]

On Apr 21, 2010, at 9:57 AM, Dan White wrote:

> On 21/04/10 10:49 -0300, Claudio Lapidus wrote:
> > Hello all,
> >
> > At our ISP operation, we are seeing increasing levels of traffic in our
> > outgoing MTA's, presumably due to spammers abusing some of our subscribers'
> > accounts. In fact, we are seeing connections from IPs outside of our network
> > as many as ten times of that from inside IPs. Probably all of our customers
> > are travelling abroad and sending back a lot of postcards, but just in
> > case... ;-)
> >
> > So we are considering ways to further filter this traffic. We are evaluating
> > implementation of MSA through port 587. However, we never did this and would
> > like to know of others more knowledgeable of their experiences. The question
> > is what best practices and stories do you guys have to share in this regard.
> > Also please let me know if you need additional detail.
>
> Depending on what level of pain you want to inflict on your roaming users:
>
> 1) Require them to smtp auth to your server when sending mail

SMTP AUTH on port 587, preferably with SSL/TLS.

> 2) Require them to use the local SMTP of the server they are connected to,
> and do not allow remote relay at all.

Good way to not have customers.

> 3) Require them to send mail via a webmail interface when they are not on
> your local network
>
> I would not think that using port 587 is going to work in many cases, such
> as from Hotel wireless networks.

Port 587 connectivity has survived almost every public access and hotel access system I've ever tried. Port 25 is often 
blocked or hijacked.

> -- 
> Dan White