Stealth Blocking

Mike Batchelor mikebat at
Fri May 25 23:04:20 UTC 2001

> Returning to operational traffic:
> > One thing that I think *will* help, particularly in the short term, is
> > port 25 blocking of dialup ports.  It's my personal opinion that this
> > will have the greatest impact on spammers who abuse open relays.  I've
> > watched this happen over the last few months, as various large networks
> > have secured their dialup ports.  It's impressive.
> TCP rate-limiting on outbound traffic to *:25 would also be extremely
> effective, particularly on unclassified customer traffic, and without the
> heavy-handed nature of denying all dial-up traffic. Rate-limiting doesn't
> interfere with low-volume legitimate mail, but it really cramps spam.

I'm partial to intercepting, rather than blocking, port 25 outbound traffic
from dialups and redirecting it to a mail relay.  This way, you can easily
see which of your users are sending spam, because you force it all to go
through your own mail relay, even when the dialup user tried to connect
directly to MX hosts.  Roaming users would not need to change their MUA
configuration to use a different outgoing relay.  It also gives you the
opportunity to expunge the queue of spam as soon as it is noticed, sparing
other admins the pain of dealing with it, and saving yourself some
embarassment and pain dealing with the complaints.

> --
> Eric A. Hall                              
> Internet Core Protocols

More information about the NANOG mailing list