Outgoing SMTP Servers

Ray Soucy rps at maine.edu
Wed Oct 26 09:29:45 CDT 2011


We provide service to about 1,000 public schools and libraries in the
state of Maine.

For those users, we block SMTP (port 25 only) traffic unless it goes
through our smarthost for incoming mail, and our mail-relay for
outgoing mail.

Otherwise we would be constantly ending up on blacklists, as many of
our users who attempt to run their own servers configure them to be
open relays, or don't secure host systems and have them turn into
botnets.

To make it a little more desirable we do provide a web UI to manage
mail domains, including letting them configure whether or not they
want to filter spam and some controls to how sensitive that is (kind
of like postini).

Recently, we've been rolling out Linux-based CPE instead of routers;
those provide them with a local firewall.  We've designed the firewall
to filter outgoing SMTP by default, but they can configure a list of
IP addresses to bypass that.  In this situation, they can run their
mail server directly on their network without making use of smarthost
or mail-relay, can manage exceptions, but still have a base-level of
protection against spam bots by default.

We have found that many of our users have come to prefer using our
relay servers as when something isn't working we can provide them with
logging information to help them track down the problem and they tend
to spend less time responding to spam incidents.

Whether or not this model could work commercially, I'm not sure... I
think we end up doing a lot more hand-holding than the typical ISP
given our audience.

As for our mail servers, both smarthost and mail-relay hosts we have
them point to actually point to several mail servers, and we do
perform base level greylisting and subscribe to a few blacklists
before mail is relayed or checked for spam and viruses.

On Tue, Oct 25, 2011 at 12:29 AM, Dennis Burgess
<dmburgess at linktechs.net> wrote:
> I am curious about what network operators are doing with outbound SMTP
> traffic.  In the past few weeks we have run into over 10 providers,
> mostly local providers, which block outbound SMTP and require the users
> to go THROUGH their mail servers even though those servers are not
> responsible for the domains in question!  I know other mail servers are
> blocking non-reversible mail, however, is this common?  And more
> importantly, is this an acceptable practice?
>
>
>
> Most of our smaller ISPs that we support; we allow any outbound SMTP
> connection, however we do watch residential users for 5+ outbound SMTP
> connections at the same time.  But if the ISP has their own mail
> servers, and users wish to relay through them, we basically tell them to
> use their mail server that they contract with.  What is the best
> practice?
>
>
>
>
>
> -----------------------------------------------------------
> Dennis Burgess, Mikrotik Certified Trainer
> Link Technologies, Inc -- Mikrotik & WISP Support Services
> Office: 314-735-0270 <tel:314-735-0270>  Website:
> http://www.linktechs.net <http://www.linktechs.net/>
> LIVE On-Line Mikrotik Training <http://www.onlinemikrotiktraining.com/>
> - Author of "Learn RouterOS" <http://routerosbook.com/>
>
>
>
>



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/
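
An added illustration, not part of the original message or either poster's configuration: the default-deny rule for outgoing port 25 with relay and bypass-list exceptions described in the reply, plus the "5+ outbound SMTP connections at the same time" check from the quoted question, run over constructed flow records. The function names, the flow tuple layout and all addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed values (documentation address ranges), not taken from the post.
RELAYS = {ip_address("192.0.2.25")}          # provider mail-relay
BYPASS = [ip_network("198.51.100.10/32")]    # site-approved local mail servers
MAX_CONCURRENT = 5                           # "5+ ... at the same time"

def egress_verdict(src, dst, dport):
    """Default-deny outbound port 25, with relay and bypass-list exceptions."""
    if dport != 25:
        return "allow"                       # only port 25 is filtered
    if ip_address(dst) in RELAYS:
        return "allow-relay"
    if any(ip_address(src) in net for net in BYPASS):
        return "allow-bypass"
    return "drop"

def concurrent_smtp_offenders(flows, threshold=MAX_CONCURRENT):
    """Return {src: peak} for sources whose simultaneous port-25 connections
    to non-relay hosts reach the threshold.
    flows: iterable of (src, dst, dport, start, end) tuples."""
    events = defaultdict(list)
    for src, dst, dport, start, end in flows:
        if dport == 25 and ip_address(dst) not in RELAYS:
            events[src].append((start, 1))   # connection opens
            events[src].append((end, -1))    # connection closes
    offenders = {}
    for src, evs in events.items():
        live = peak = 0
        # At equal timestamps (t, -1) sorts before (t, 1), so back-to-back
        # connections are not counted as overlapping.
        for _, delta in sorted(evs):
            live += delta
            peak = max(peak, live)
        if peak >= threshold:
            offenders[src] = peak
    return offenders

# Constructed sample: one host opening six overlapping direct connections,
# one host using the relay, one host sending two messages back to back.
SAMPLE_FLOWS = [
    ("203.0.113.7", f"198.51.100.{100 + i}", 25, i, 30 + i) for i in range(6)
] + [
    ("203.0.113.8", "192.0.2.25", 25, 0, 60),
    ("203.0.113.9", "198.51.100.200", 25, 0, 10),
    ("203.0.113.9", "198.51.100.201", 25, 10, 20),
]

if __name__ == "__main__":
    print(concurrent_smtp_offenders(SAMPLE_FLOWS))
```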


