nanog mailing list archives

Re: Outgoing SMTP Servers

From: Brian Johnson <bjohnson () drtel com>
Date: Tue, 1 Nov 2011 01:17:16 +0000



Sent from my iPad

On Oct 31, 2011, at 4:17 PM, "Robert Bonomi" <bonomi () mail r-bonomi com> 

<snip>

There is an at-least-somewhat-valid argument against outbound filtering.
to wit, various receiving systems may have different policies on what is/
is-not 'acceptable' traffic.  They have a better idea of what is acceptable
to the recipients (their users), than the originating MTA operator does. An
originating system cannot accomodate that diversity of opinions _without_ 
getting input from all prospective recipients.

And it is, of course, 'not practical' for every email recipient to notify 
every email 'source' network as to what that recpient considers 'acceptable'.
<wry grin>


This is not plausible. It also has nothing to do with a network owner protecting his network from his own users.


There are only a relative handful of things a _residential_ provider can 
use to "reliably" filter outgoing mail. A non-comprehensive list:
 1) 'Greylisting' at the origin is as effective at stopping spam as it is
    at the destination.
 2) Checks for certain kinds of standards violations that legitimate mail 
    software does not make.
 3) Check for certain kinds of 'lies' in headers -- things that *cannot*
    occur in legitimate email. 
 4) 'Rate-limiting' to detect/quarrantine abnormal traffic levels.
 5) Tracking SMTP 'MAIL FROM:" and the "From:" (or 'Resent-From:', if
    present), and quarrantining on abnormal numbers of different putative
    origins.

There's no point in checking source addresses against any DNSBL, for reasons
that should be 'obvious'.  <*GRIN*>

Further, any sort of "content" filters prevent customers from _discussing_ 
scams in e-mail.

There is a 'hard' problem in letting the source 'opt out' of such filtering,
because an intentional 'bad guy' will request his outgoing mail not be 
monitored, as well as the person who has a 'legitimate' reason for sending
messages that might trip mindless content filters.

Statistical note:  Out of the last roughly 6,000 pieces of spam seen here,
circa 2,700 were caught by checks 2), and 3) above, and another circa 2,600
were in character-sets not supported here.   Incidentally, spam volume, as
seen here, is running a bit _under_ 2/3 of all email, down from a peak of 
over 95%.


This misses the point of the thread which is not filtering. It is port 25 blocking. Statistically all of he problems 
exist on TCP port 25. This is why the filtering is largely effective.

- Brian

Current thread:

Re: Outgoing SMTP Servers, (continued)
- - - Re: Outgoing SMTP Servers -Hammer- (Oct 28)
    - Re: Outgoing SMTP Servers Jay Ashworth (Oct 28)
    - Re: Outgoing SMTP Servers Dave CROCKER (Oct 30)
    - Re: Outgoing SMTP Servers Brian Johnson (Oct 30)
    - Re: Outgoing SMTP Servers Dave CROCKER (Oct 30)
    - Re: Outgoing SMTP Servers Michael Thomas (Oct 31)
    - Re: Outgoing SMTP Servers Jack Bates (Oct 31)
    - Re: Outgoing SMTP Servers Brian Johnson (Oct 31)
    - Re: Outgoing SMTP Servers Jack Bates (Oct 31)
    - Re: Outgoing SMTP Servers Robert Bonomi (Oct 31)
    - Re: Outgoing SMTP Servers Brian Johnson (Oct 31)
    - RE: Outgoing SMTP Servers Keith Medcalf (Oct 31)
    - Message not available
    - Re: Outgoing SMTP Servers William Herrin (Oct 30)
    - Re: Outgoing SMTP Servers Valdis . Kletnieks (Oct 28)
    - RE: Outgoing SMTP Servers Brian Johnson (Oct 28)
    - Message not available
    - RE: Outgoing SMTP Servers Brian Johnson (Oct 28)
    - Re: Outgoing SMTP Servers Owen DeLong (Oct 28)
    - Re: Outgoing SMTP Servers Bill Stewart (Oct 28)
    - RE: Outgoing SMTP Servers Brian Johnson (Oct 31)
    - Re: Outgoing SMTP Servers Brian Johnson (Oct 28)
    - Re: Outgoing SMTP Servers William Herrin (Oct 28)

(Thread continues...)