North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: SMTP authentication for broadband providers
First, a quick thanks to everyone that responded. I've received useful and excellent info from everyone. We do not block on 25 outbound/inbound, but we are considering it for the residential broadband connections - maybe filter, proxy, or at least monitor it. I should clarify one thing: We are considering REQUIRING SMTPAUTH for all connections from customers for relaying - whether they are on our IP space or not. I know this will only buy us a few months until the next round of viruses steal username/pass, but even then it will give us the ability to detect an infected/SPAMMING customer quicker and auto shut them down (vs having to shutdown the IP, and then the customer receives a new IP...) My question is: Have any or many of the larger ISP's gone the route of REQUIRING all customers to use SMTPAUTH - regardless of where they are connected. Can anyone disclose who these regional or national providers are? Thanks again --Dan -- Daniel Ellis,�CTO, PenTeleData (610)826-9293 > -----Original Message----- > From: Florian Weimer [mailto:[email protected]] > Sent: Thursday, February 12, 2004 2:01 AM > To: Dan Ellis > Cc: [email protected] > Subject: Re: SMTP authentication for broadband providers > > Dan Ellis wrote: > > > We're a medium sized regional MSO/broadband provider with 200k+ > > mailboxes, strongly considering enabling SMTP authentication on our > > customer-facing SMTP mail servers. We feel this is the next logical > > step to minimize our users UCE/virus impact (we already tarpit, virus > > scan, UCE scan, subscribe to RBL's, reject prior to SMTP close). > > Do you block incoming 25/TCP connections from customers? Some of your > hosts are listed on my mass-market IP access blacklist, so you probably > don't. 8-) > > IMHO, this is one of the next thing to consider if you want to reduce > the volume of unwanted email originating from your network. There's an > intermediate step: monitoring TCP/25 flows. The initial setup costs are > much lower, but the operating costs are higher and the effect is less > thorough. > > > Is anyone aware of any well known mail clients that do not support SMTP > > authentication (Unix, Windows or Mac)? > > qmail (as usual).