[125695] in North American Network Operators' Group

Re: Mail Submission Protocol

daemon@ATHENA.MIT.EDU (Daniel Senie)
Wed Apr 21 10:08:38 2010

From: Daniel Senie <dts@senie.com>
In-Reply-To: <20100421135733.GA4738@dan.olp.net>
Date: Wed, 21 Apr 2010 10:06:12 -0400
To: Dan White <dwhite@olp.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Apr 21, 2010, at 9:57 AM, Dan White wrote:

> On 21/04/10 10:49 -0300, Claudio Lapidus wrote:
>> Hello all,
>>
>> At our ISP operation, we are seeing increasing levels of traffic in our
>> outgoing MTA's, presumably due to spammers abusing some of our subscribers'
>> accounts. In fact, we are seeing connections from IPs outside of our network
>> as many as ten times of that from inside IPs. Probably all of our customers
>> are travelling abroad and sending back a lot of postcards, but just in
>> case... ;-)
>>
>> So we are considering ways to further filter this traffic. We are evaluating
>> implementation of MSA through port 587. However, we never did this and would
>> like to know of others more knowledgeable of their experiences. The question
>> is what best practices and stories do you guys have to share in this regard.
>> Also please let me know if you need additional detail.
>
> Depending on what level of pain you want to inflict on your roaming users:
>
> 1) Require them to smtp auth to your server when sending mail

SMTP AUTH on port 587, preferably with SSL/TLS.

> 2) Require them to use the local SMTP of the server they are connected to,
> and do not allow remote relay at all.

Good way to not have customers.

> 3) Require them to send mail via a webmail interface when they are not on
> your local network
>
> I would not think that using port 587 is going to work in many cases, such
> as from Hotel wireless networks.

Port 587 connectivity has survived almost every public access and hotel access system I've ever tried. Port 25 is often blocked or hijacked.

>
> --
> Dan White
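
Added example, not part of the original thread: a Python check of a port 587 submission service against the "SMTP AUTH on port 587, preferably with SSL/TLS" recommendation, working from the EHLO replies seen before and after STARTTLS. The host name, the sample replies and the policy that AUTH must only be advertised after STARTTLS are assumptions made for this example.

```python
# Constructed EHLO replies for a hypothetical host; not captured from a real server.
EHLO_BEFORE_TLS = (
    "250-mail.example.net\r\n"
    "250-PIPELINING\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_AFTER_TLS = (
    "250-mail.example.net\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply (RFC 5321)."""
    caps = {}
    lines = [line for line in reply.splitlines() if line.strip()]
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected reply line: {line!r}")
        if i == 0:
            continue  # first line carries the server's domain, not an extension
        # Some servers also send the legacy "AUTH=LOGIN PLAIN" form; normalise it.
        words = text.replace("=", " ", 1).split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps


def audit_submission(before_tls, after_tls):
    """Return policy findings for a submission service; an empty list means it passes."""
    pre, post = parse_ehlo(before_tls), parse_ehlo(after_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered: credentials cannot be protected")
    if "AUTH" in pre:
        findings.append("AUTH offered before TLS: " + " ".join(pre["AUTH"]))
    if "AUTH" not in post:
        findings.append("AUTH not offered after TLS: submission is unauthenticated")
    return findings


if __name__ == "__main__":
    print(audit_submission(EHLO_BEFORE_TLS, EHLO_AFTER_TLS) or "submission policy OK")
```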

