[67670] in North American Network Operators' Group
RE: Anti-spam System Idea
daemon@ATHENA.MIT.EDU (Scott McGrath)
Tue Feb 17 08:11:17 2004
Date: Tue, 17 Feb 2004 08:10:36 -0500 (EST)
From: Scott McGrath <mcgrath@fas.harvard.edu>
To: nanog@merit.edu
In-Reply-To: <200402162118.i1GLIeaI014537@ns1.baseworx.net>
Errors-To: owner-nanog-outgoing@merit.edu
We do block port 25 as suggested in earlier in the thread. Now the
problem is the spambots use our smarthost(s) to spew their garbage and the
smarthosts are blocked.
there is an easy if somewhat impractical anwswer ;~}
access-list network-egress
deny ip any any log
Think of all the bandwidth charges this would save...
Seriosly though if anyone on the list has any solutions for rate limiting
SMTP in a sendmail environment please reply off list.
Scott C. McGrath
On Mon, 16 Feb 2004, Timothy R. McKee wrote:
>
> Personally I don't see where ingress filters that only allow registered
> SMTP servers to initiate TCP connections on port 25 is irresponsible.
>
> Any user sophisticated enough to legitimately require a running SMTP server
> should also have the sophistication to create a dns entry and register it
> with
> his upstream in whatever manner is required.
>
> There will never be a painless or easy solution to this problem, only a
> choice where we select the lesser of all evils.
>
> Tim
>
> -----Original Message-----
> From: Petri Helenius [mailto:pete@he.iki.fi]
> Sent: Monday, February 16, 2004 16:06
> To: Timothy R. McKee
> Cc: 'J Bacher'; nanog@merit.edu
> Subject: Re: Anti-spam System Idea
>
> Timothy R. McKee wrote:
>
> >There will *never* be a concerted action by all service providers to
> >filter ingress/egress on abused ports unless there is a legal
> >requirement to do so. Think 'level playing field'...
> >
> >
> Havenīt it been stated enough times previously that blindly blocking ports
> is irresponsible?
>
> There are ways to similar, if not more accurate results without resorting to
> shooting everything that moves.
>
> Pete
>
