smtp CAR (another use for CAR)
jared at puck.Nether.net
Fri Jun 25 18:16:46 UTC 1999
This has been my great use for CAR (since icmp, etc.. CAR'ing)..
If you are a dialup provider (or have dial ports), and CAR
smtp from those networks down to 8kb/sec across your entire network
to your upstreams, etc.. that are not going to your smtp server(s),
or people you share dial pools with smtp servers, you can reduce the amount
of third party relaying that occurs in your network.
We've had great success with it here, as we had someone
(ab)using our online signup by signing up at 3am, dialing in, then
sending a few hundreds of thousands of third-party relay spam messages.
What I did:
rate-limit output access-group 163 8000 8000 8000 conform-action set-prec-transmit 7 exceed-action drop
on our upstream links, where acl 163 was a many line acl including
all our dialup pools.
permit tcp 10.10.10.0 0.0.0.127 any eq smtp
You'll find you get matches against the access-list
for people using remote servers, but if you get complaints,
tell them to use your mail server..
We use this as an alternative (currently) to the per-port
filters you can stick into dialup NASes for restricting smtp
to a set of a few servers, etc..
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
| "Waste Management Consultant"
More information about the NANOG