[57829] in North American Network Operators' Group
RE: Open relays and open proxies
daemon@ATHENA.MIT.EDU (Mike Damm)
Thu Apr 24 16:52:21 2003
From: Mike Damm <MikeD@irwinresearch.com>
To: 'Adi Linden' <adil@adis.on.ca>, nanog@merit.edu
Date: Thu, 24 Apr 2003 13:52:40 -0700
Errors-To: owner-nanog-outgoing@merit.edu
Block port 25 inbound and outbound, and setup a cluster of managed,
authenticated, secure, mail relays (both in and out) for your customers.
You're never going to get all the proxy ports, but regardless to send spam
they have to hit port 25 on the outbound.
I don't want to stir up old debates about SMTP filters on the edge, but I do
think it's a viable solution if you provide a simple to use alternative for
your userbase. (God knows I have had enough problems with sales staff
plugging laptops into foreign networks and trying to get back to our mail
boxes)
---
Michael Damm, MIS Department, Irwin Research & Development
V: 509.457.5080 x298 F: 509.577.0301 E: miked@irwinresearch.com
-----Original Message-----
From: Adi Linden [mailto:adil@adis.on.ca]
Sent: Thursday, April 24, 2003 12:11 PM
To: nanog@merit.edu
Subject: Open relays and open proxies
I am seeing an increasing number of hosts on our network become an open
proxy. So far the response to this has been reactive, once I receive
complaints from spam victims I deal with the source of the problem.
Is there an accepted way of blocking open proxy and open relay traffic at
the network edge?
Adi
