[20996] in North American Network Operators' Group
Re: Despamming wholesale dialup
daemon@ATHENA.MIT.EDU (Derek Balling)
Fri Oct 30 18:14:49 1998
Date: Fri, 30 Oct 1998 14:45:35 -0800
To: Phil Howard <phil@whistler.intur.net>,
Bryan.Bradsby@capnet.state.tx.us (Bryan Bradsby)
From: Derek Balling <dredd@megacity.org>
Cc: nanog@merit.edu
In-Reply-To: <199810301838.MAA05627@whistler.intur.net>
There are solutions available to this problem, the primary one being the
"smtp-after-pop" hack that is widely available and fairly widely used.
Essentially, issuing a STAT command opens up an SMTP relay window for
<admin-definable> minutes, whereupon if the user hasn't issued another STAT
in the mean time [e.g. they logged off] the "hole" goes away.
We were using that at my last job and it works just fine.
At 12:38 PM 10/30/98 -0600, Phil Howard wrote:
>Bryan Bradsby wrote:
>
>> Block port 25 (only) from all "open modem banks" (TM) to my SMTP servers.
>> If implemented on a large enough scale, the modem user will be
>> 'encouraged' to use the SMTP server supplied with their account. Make each
>> dialup customer go through, and be authenticated by their own SMTP server.
>
>I think I see an additional problem creeping in here.
>
>The question is whether a dialup user should use the SMTP server of the
>facility provider, or of the ISP that actually resells the account. You
>could have virtual ISP resellers with no facilities at all, but lets take
>a look at a small ISP that does have facilities, and is reselling dialup
>to a national provider so his local business customers can have roaming
>access without calling an 800 number.
>
>If the small ISP opens their SMTP server to the IP addresses of the big
>national dialup provider, which they would have to do in order to be able
>to handle that roaming customer who could be just about anywhere, will
>they not also be opening themselves up to being a relay for any spammer
>that uses any reseller of that national provider? Will not such spammers
>then have access to every ISP doing reselling via that national one?
>
>I think the SMTP server that should be used when dialing that national
>provider is the SMTP server provided by that national provider, unless
>some kind of VPN is used (to be more technically correct, use the SMTP
>server of the provider of IP addressing).
>
>Roeland's issue still applies when the dialup customer is using his domain
>name as the FROM/REPLY. But if the national provider SMTP servers accept
>any domain name in the FROM/REPLY, and just log the reality as it sees it
>in the header (e.g. dialup port and time which can be cross checked with
>the access logs), then anyone can use these dialups, and spammers won't
>get an advantage of being able to spew their filth to other than the SMTP
>server of the dialup provider.
>
>--
> -- *-----------------------------* Phil Howard KA9WGN * --
> -- | Inturnet, Inc. | Director of Internet Services | --
> -- | Business Internet Solutions | eng at intur.net | --
> -- *-----------------------------* philh at intur.net * --
