Anti-spam System Idea

Scott McGrath mcgrath at fas.harvard.edu
Tue Feb 17 13:10:36 UTC 2004



We do block port 25 as suggested in earlier in the thread.  Now the
problem is the spambots use our smarthost(s) to spew their garbage and the
smarthosts are blocked.

there is an easy if somewhat impractical anwswer ;~}

access-list network-egress
 deny ip any any log

Think of all the bandwidth charges this would save...

Seriosly though if anyone on the list has any solutions for rate limiting
SMTP in a sendmail environment please reply off list.

                            Scott C. McGrath

On Mon, 16 Feb 2004, Timothy R. McKee wrote:

>
> Personally I don't see where ingress filters that only allow registered
> SMTP servers to initiate TCP connections on port 25 is irresponsible.
>
> Any user sophisticated enough to legitimately require a running SMTP server
> should also have the sophistication to create a dns entry and register it
> with
> his upstream in whatever manner is required.
>
> There will never be a painless or easy solution to this problem, only a
> choice where we select the lesser of all evils.
>
> Tim
>
> -----Original Message-----
> From: Petri Helenius [mailto:pete at he.iki.fi]
> Sent: Monday, February 16, 2004 16:06
> To: Timothy R. McKee
> Cc: 'J Bacher'; nanog at merit.edu
> Subject: Re: Anti-spam System Idea
>
> Timothy R. McKee wrote:
>
> >There will *never* be a concerted action by all service providers to
> >filter ingress/egress on abused ports unless there is a legal
> >requirement to do so.  Think 'level playing field'...
> >
> >
> Haven´t it been stated enough times previously that blindly blocking ports
> is irresponsible?
>
> There are ways to similar, if not more accurate results without resorting to
> shooting everything that moves.
>
> Pete
>



More information about the NANOG mailing list