|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Stealth Blocking
> Returning to operational traffic: > > > One thing that I think *will* help, particularly in the short term, is > > port 25 blocking of dialup ports. It's my personal opinion that this > > will have the greatest impact on spammers who abuse open relays. I've > > watched this happen over the last few months, as various large networks > > have secured their dialup ports. It's impressive. > > TCP rate-limiting on outbound traffic to *:25 would also be extremely > effective, particularly on unclassified customer traffic, and without the > heavy-handed nature of denying all dial-up traffic. Rate-limiting doesn't > interfere with low-volume legitimate mail, but it really cramps spam. I'm partial to intercepting, rather than blocking, port 25 outbound traffic from dialups and redirecting it to a mail relay. This way, you can easily see which of your users are sending spam, because you force it all to go through your own mail relay, even when the dialup user tried to connect directly to MX hosts. Roaming users would not need to change their MUA configuration to use a different outgoing relay. It also gives you the opportunity to expunge the queue of spam as soon as it is noticed, sparing other admins the pain of dealing with it, and saving yourself some embarassment and pain dealing with the complaints. > > -- > Eric A. Hall http://www.ehsco.com/ > Internet Core Protocols http://www.oreilly.com/catalog/coreprot/ > >
|