North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Spam Control Considered Harmful
On Wed, Oct 29, 1997 at 09:53:52PM -0600, John A. Tamplin wrote: > > This is roughly akin, though, isn't it, John, to the cache pollution > > problems that make it pretty much a requirement to run 2 separate > > nameservers: one for recursion and caching, and the other to be > > authoritative? > > > > Run a separate relay server, with some authentication, for users > > connecting from outside your AS. > > The point is there can be no useful authentication for outgoing email if > you don't block it by IP address. However, that is a discussion about > blocking spam relay, not about blocking outgoing SMTP. If we install a > filter at the router that blocks all traffic from dialup connections to > port 25 anywhere else, then it doesn't matter how many servers we run they > can't get to another SMTP server, even if they are supposed to be doing it. Oh, ok. Sorry. Right. I misread the other gentleman's suggestion. > > Hold it. Didn't you just say the opposite above? > > He offered an example of a customer that has dialup access to two ISPs, > and wants to connect to the SMTP server of the one he isn't currently > connected to. Because of the relay blocking that we and all the other ISPs > in town implement (and hopefully ISPs elsewhere), the customer can't do that > anyway. Right. Got it. > What I said above is that there are other examples that our customers expect > to work, specifically connecting to an SMTP server at work or connecting to > a virtual domain hosted at another ISP (in our case it is primarily the > vdom user dialup into another ISP and accessing the site here), that is > why we can't block all traffic from dialup to port 25 anywhere. Rog. On deck now. > I think you are confusing the issue of blocking unauthorized relay access > to your SMTP server, which is easy to do based on CIDR blocks, with that of > preventing dialup customers from relaying through the SMTP servers of others. > The difficulty in the latter is finding a way to determine what SMTP servers > they are supposed to have access to and then implementing that in a router > access list. Right. Of course, that's a Small Matter of Administration. :-) Cheers, -- jra -- Jay R. Ashworth [email protected] Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "Pedantry. It's not just a job, it's an Tampa Bay, Florida adventure." -- someone on AFU +1 813 790 7592
|