Mail Submission Protocol

Leen Besselink leen at consolejunkie.net
Wed Apr 21 09:14:01 CDT 2010


On Wed, Apr 21, 2010 at 10:49:07AM -0300, Claudio Lapidus wrote:
> Hello all,
> 

Hello Claudio,

> At our ISP operation, we are seeing increasing levels of traffic in our
> outgoing MTA's, presumably due to spammers abusing some of our subscribers'
> accounts. In fact, we are seeing connections from IPs outside of our network
> as many as ten times of that from inside IPs. Probably all of our customers
> are travelling abroad and sending back a lot of postcards, but just in
> case... ;-)
> 

I presume you use SMTP-authentication ? That way it's easy to see what users
are sending a lot of mail (or more then usual).

> So we are considering ways to further filter this traffic. We are evaluating
> implementation of MSA through port 587. However, we never did this and would
> like to know of others more knowledgeable of their experiences. The question
> is what best practices and stories do you guys have to share in this regard.
> Also please let me know if you need additional detail.
> 

We added SSL to our SMTP-service and tell our customers to use SSL (not TLS)
with authentication and have the mailserver listen on the TCP-ports which
the mailclients pick for that (of which their are a few if I'm not mistaken).

We've found having to tell clients port-numbers sounds complicated and technical,
but telling people to use encryption sounds like a good service and in most
cases it just works (we ask the name of the e-mail client before we give
them any settings). Also because port 25 is blocked in a lot of places,
when people travel with laptops.

The mailservers log the IP-adress and username from the authentication,
that will hopefully allow us to easily play whack-a-mole when confronted
with the problem you might be having.

> thanks in advance,
> cl.
> 




More information about the NANOG mailing list