SMTP Port Blocking: Success or Failure?
Stephen Fulton
nanog at esoteric.ca
Sun Feb 27 17:41:19 UTC 2005
Claydon, Tom wrote:
It depends on your customer base. For residential customers, filtering
outbound port 25 is considered acceptable. For business customer, not
so. In my case, I deal with the latter. It can be problematic, because
business computers do become part of part of some spammer's botnet.
That means in a given week I spend a few hours informing clients about
infected machines, when I should be working on something more
productive. Conversely, there are problems when clients send out spam
through our legacy mail servers, particularly when those connections
come through NAT'ed environments. If that NAT'ed network has hundreds
of hosts behind it, it can be extremely difficult to get a client's
support staff to even work on the problem, because I cannot provide them
with the specific details they need to locate the problem machine (and
most lack the skill or will to learn to use network analyzers like
Ethereal to narrow the field within their network). Therefore, I've put
together a new mail system that only allows SMTP relaying once they've
been authenticated. That leads to more issues, particularly with
devices like printers or outdated software which cannot properly do
SMTP-Auth. But as long as the majority use SMTP-Auth, it becomes a lot
easier to trace problems then now.
--
Stephen Fulton | We can be quick-witted
Systems Administrator | or very intelligent
Toronto, Canada | but not both.
http://www.esoteric.ca/ | -- Stephen Hawking.
> We are considering filtering outbound SMTP traffic from our ISP
> customers, except from our own mail servers, to help reduce the amount
> of spam originating from our network. How successful/unsucessful has
> implementing outbound SMTP filtering done in stopping or slowing down
> spam from your network?
>
> Also, if outbound SMTP filtering has not worked for you, are there any
> other things that you have implemented that have helped with spam
> traffic?
>
> Thanks,
>
> = TC
>
> --
> Tom Claydon, IT/ATM Network Engineer
> Dobson Telephone Company
> http://www.dobsonteleco.com
More information about the NANOG
mailing list