North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
smtp CAR (another use for CAR)
This has been my great use for CAR (since icmp, etc.. CAR'ing).. If you are a dialup provider (or have dial ports), and CAR smtp from those networks down to 8kb/sec across your entire network to your upstreams, etc.. that are not going to your smtp server(s), or people you share dial pools with smtp servers, you can reduce the amount of third party relaying that occurs in your network. We've had great success with it here, as we had someone (ab)using our online signup by signing up at 3am, dialing in, then sending a few hundreds of thousands of third-party relay spam messages. What I did: rate-limit output access-group 163 8000 8000 8000 conform-action set-prec-transmit 7 exceed-action drop on our upstream links, where acl 163 was a many line acl including all our dialup pools. permit tcp 10.10.10.0 0.0.0.127 any eq smtp etc.. You'll find you get matches against the access-list for people using remote servers, but if you get complaints, tell them to use your mail server.. We use this as an alternative (currently) to the per-port filters you can stick into dialup NASes for restricting smtp to a set of a few servers, etc.. - Jared -- Jared Mauch | pgp key available via finger from [email protected] clue++; | http://puck.nether.net/~jared/ My statements are only mine. | "Waste Management Consultant"