[67559] in North American Network Operators' Group
RE: SMTP authentication for broadband providers
daemon@ATHENA.MIT.EDU (Dan Ellis)
Thu Feb 12 14:31:44 2004
Date: Thu, 12 Feb 2004 14:30:53 -0500
From: "Dan Ellis" <ellis@corp.ptd.net>
To: <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
First, a quick thanks to everyone that responded. I've received useful =
and excellent info from everyone.
We do not block on 25 outbound/inbound, but we are considering it for =
the residential broadband connections - maybe filter, proxy, or at least =
monitor it. =20
I should clarify one thing: We are considering REQUIRING SMTPAUTH for =
all connections from customers for relaying - whether they are on our IP =
space or not. I know this will only buy us a few months until the next =
round of viruses steal username/pass, but even then it will give us the =
ability to detect an infected/SPAMMING customer quicker and auto shut =
them down (vs having to shutdown the IP, and then the customer receives =
a new IP...)
My question is: Have any or many of the larger ISP's gone the route of =
REQUIRING all customers to use SMTPAUTH - regardless of where they are =
connected. Can anyone disclose who these regional or national providers =
are?
Thanks again
--Dan
--
Daniel Ellis,=A0CTO, PenTeleData
(610)826-9293
> -----Original Message-----
> From: Florian Weimer [mailto:fw@deneb.enyo.de]
> Sent: Thursday, February 12, 2004 2:01 AM
> To: Dan Ellis
> Cc: nanog@merit.edu
> Subject: Re: SMTP authentication for broadband providers
>=20
> Dan Ellis wrote:
>=20
> > We're a medium sized regional MSO/broadband provider with 200k+
> > mailboxes, strongly considering enabling SMTP authentication on our
> > customer-facing SMTP mail servers. We feel this is the next logical
> > step to minimize our users UCE/virus impact (we already tarpit, =
virus
> > scan, UCE scan, subscribe to RBL's, reject prior to SMTP close).
>=20
> Do you block incoming 25/TCP connections from customers? Some of your
> hosts are listed on my mass-market IP access blacklist, so you =
probably
> don't. 8-)
>=20
> IMHO, this is one of the next thing to consider if you want to reduce
> the volume of unwanted email originating from your network. There's =
an
> intermediate step: monitoring TCP/25 flows. The initial setup costs =
are
> much lower, but the operating costs are higher and the effect is less
> thorough.
>=20
> > Is anyone aware of any well known mail clients that do not support =
SMTP
> > authentication (Unix, Windows or Mac)?
>=20
> qmail (as usual).
