Mail Submission Protocol

Daniel Senie dts at senie.com
Wed Apr 21 14:06:12 UTC 2010


On Apr 21, 2010, at 9:57 AM, Dan White wrote:

> On 21/04/10 10:49 -0300, Claudio Lapidus wrote:
>> Hello all,
>> 
>> At our ISP operation, we are seeing increasing levels of traffic in our
>> outgoing MTAs, presumably due to spammers abusing some of our subscribers'
>> accounts. In fact, we are seeing connections from IPs outside of our network
>> as many as ten times that from inside IPs. Probably all of our customers
>> are travelling abroad and sending back a lot of postcards, but just in
>> case... ;-)
>> 
>> So we are considering ways to further filter this traffic. We are evaluating
>> implementation of MSA through port 587. However, we never did this and would
>> like to know of others more knowledgeable of their experiences. The question
>> is what best practices and stories do you guys have to share in this regard.
>> Also please let me know if you need additional detail.
> 
> Depending on what level of pain you want to inflict on your roaming users:
> 
> 1) Require them to smtp auth to your server when sending mail

SMTP AUTH on port 587, preferably with SSL/TLS.

> 2) Require them to use the local SMTP of the server they are connected to,
> and do not allow remote relay at all.

Good way to not have customers.

> 3) Require them to send mail via a webmail interface when they are not on
> your local network
> 
> I would not think that using port 587 is going to work in many cases, such
> as from Hotel wireless networks.

Port 587 connectivity has survived almost every public access and hotel access system I've ever tried. Port 25 is often blocked or hijacked.

> 
> -- 
> Dan White
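
A check for the setup recommended above (SMTP AUTH on port 587 over TLS), as an added example that is not part of the original message: it parses EHLO replies captured before and after STARTTLS and flags a submission service that would take credentials in clear. The function names and the sample replies (host mail.example.net) are constructed for illustration, and requiring TLS before AUTH is an assumption stricter than the "preferably" in the post.

```python
import re

def parse_ehlo(reply: str) -> dict:
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [params]}."""
    caps = {}
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line.rstrip())
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        sep, text = m.groups()
        # "250-" marks a continuation line, "250 " marks the last line only.
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker out of place")
        if i == 0:
            continue  # first line is the server greeting, not a keyword
        words = text.split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def audit_submission(pre_tls: str, post_tls: str) -> list:
    """Return findings for a port 587 service; an empty list means it passes."""
    before, after = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered: credentials would cross the network in clear")
    if "AUTH" in before:
        findings.append("AUTH offered before TLS: " + " ".join(before["AUTH"]))
    if not after.get("AUTH"):
        findings.append("no AUTH mechanism after TLS: users cannot authenticate")
    if "STARTTLS" in after:
        findings.append("STARTTLS still advertised inside the TLS session")
    return findings

# Constructed sample replies (not captured from any real server).
GOOD_PRE = "250-mail.example.net\r\n250-SIZE 20480000\r\n250-STARTTLS\r\n250 ENHANCEDSTATUSCODES"
GOOD_POST = "250-mail.example.net\r\n250-SIZE 20480000\r\n250-AUTH PLAIN LOGIN\r\n250 ENHANCEDSTATUSCODES"
WEAK_PRE = "250-mail.example.net\r\n250-AUTH PLAIN LOGIN\r\n250 SIZE 20480000"

if __name__ == "__main__":
    print(audit_submission(GOOD_PRE, GOOD_POST))
    print(audit_submission(WEAK_PRE, WEAK_PRE))
```
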




