Despamming wholesale dialup

Bryan Bradsby Bryan.Bradsby at capnet.state.tx.us
Fri Oct 30 15:54:16 UTC 1998


On Fri, 30 Oct 1998, Phil Howard wrote:

> These are actually two separate issues:
> 
> 1.  Open SMTP relays
> 
> 2.  Dialup ports open to all SMTP servers
> 
> While these two issues do interact, and a perfect solution to one of them
> makes the other much less of an impact, they do both need to be addressed
> as distinct issues.

Exactly. 

Attempting to assist responsible netops in closing their open relays
addresses issue #1.  Send them a respectful, helpful and friendly note. 

I would like to discuss item #2. See below.

> > But my question is - Would responsible netops be willing to give me a list
> > of their (non-relaying) SMTP servers?  
> 
> I'm curious what such a list would be used for.  Would you limit access to
> just those SMTP servers?  

Exactly. I would open up port 25 incoming for responsible (not an open
relay) SMTP servers.  Thus real customers could send their legitmate mail.

Block port 25 (only) from all "open modem banks" (TM) to my SMTP servers. 
If implemented on a large enough scale, the modem user will be
'encouraged' to use the SMTP server supplied with their account. Make each
dialup customer go through, and be authenticated by their own SMTP server. 

Each OMB filter will most likely be a /24 or larger block of IP addresses. 

The logic is simple. There are more modems than SMTP servers. Block port
25 from the OMBs, open up for corresponding (responsible) SMTP servers.

Either an operator directs (by filter) port 25 on his modem banks to his
SMTP servers, (preventing OMB), or we do it for him.  The intent is a
convergence on a suggested Best Practice. 

> Would that not form a rather long access list? 

Perhaps for a router or firewall, but not for a sendmail access.db.

>  --    *-----------------------------*      Phil Howard KA9WGN       *    --
>   --   | Inturnet, Inc.              | Director of Internet Services |   --
>    --  | Business Internet Solutions |       eng at intur.net        |  --
>     -- *-----------------------------*      philh at intur.net       * --

-bryan
abuse at capnet.state.tx.us




More information about the NANOG mailing list