Mail Submission Protocol
Daniel Senie
dts at senie.com
Wed Apr 21 14:06:12 UTC 2010
On Apr 21, 2010, at 9:57 AM, Dan White wrote:
> On 21/04/10 10:49 -0300, Claudio Lapidus wrote:
>> Hello all,
>>
>> At our ISP operation, we are seeing increasing levels of traffic in our
>> outgoing MTA's, presumably due to spammers abusing some of our subscribers'
>> accounts. In fact, we are seeing connections from IPs outside of our network
>> as many as ten times of that from inside IPs. Probably all of our customers
>> are travelling abroad and sending back a lot of postcards, but just in
>> case... ;-)
>>
>> So we are considering ways to further filter this traffic. We are evaluating
>> implementation of MSA through port 587. However, we never did this and would
>> like to know of others more knowledgeable of their experiences. The question
>> is what best practices and stories do you guys have to share in this regard.
>> Also please let me know if you need additional detail.
>
> Depending on what level of pain you want to inflict on your roaming users:
>
> 1) Require them to smtp auth to your server when sending mail
SMTP AUTH on port 587, preferably with SSL/TLS.
> 2) Require them to use the local SMTP of the server they are connected to,
> and do not allow remote relay at all.
Good way to not have customers.
> 3) Require them to send mail via a webmail interface when they are not on
> your local network
>
> I would not think that using port 587 is going to work in many cases, such
> as from Hotel wireless networks.
Port 587 connectivity has survived almost every public access and hotel access system I've ever tried. Port 25 is often blocked or hijacked.
>
> --
> Dan White
More information about the NANOG
mailing list