My apologies for another annoying SMTP thread.
So, while considering enabling SMTPAUTH for all our
customers, I’m planning on placing firm policy on relaying. We’re
a regional broadband ISP/MSO that also serves a significant number of
educational and commercial cable/DSL connections as well as a large number of
T1/T3/OC3/Ethernet customers.
That leaves me needing to define how we will handle 3
situations:
1) Residential (a few dynamic IP computers)
2) Broadband Commercial (Static IP and a few forwarded
IPs, a dozen end user PCs)
3) Dedicated commercial customers (t1/ds3/Ethernet/oc3)
HISTORY: Old school thought was that as long as you
are on an ISP’s IP space, you can use them to relay. This made it
easy for roamers as everyone would use the ISP’s mailserver for outbound,
and their mailserver for inbound. Yes – there was always a fuzzy
line for t1/ds3/oc3 customers because some ISPs allowed their space to
relay and some did not. I’m trying to determine what the “new
school” thoughts are.
Below are my thoughts and concerns on each. I’m
interested in hearing what others have implemented regarding policy, what the
large NSPs have implemented, and what your thoughts are.
1) Residential Policy: Enable SMTPAUTH and
disallow relaying unless the customer has a valid username/password. If
you’re not paying for a mailbox, you don’t get to relay outbound.
This should not break anything except those residential accounts that *should* be commercial anyway.
2) Broadband commercial: This is the difficult
one. These are the customers that aren’t big enough to rightfully
run their own mailserver, but they are big enough to have roaming users on
their networks (coffee shops, branch offices, hotels, SOHO….).
They expect relaying service for either their mailserver or for all their
various PCs. At the same time, they don’t have many, if any,
mailboxes through the ISP. My thought is that they should ONLY be allowed
to relay via SMTPAUTH by using a residential mailbox login/pass OR they need to
purchase a commercial relay service (expensive because of the openness of it) for
their IP space.
3) T1+: These customers should not be allowed to relay
unless they purchase (expensive) relay services for their IP space. Of
course, they can always use a residential mailbox, but will have to use
SMTPAUTH for it and will be restrained by the same policies residential
mailboxes have (low tolerance tarpitting,…).
As always, thanks in advance.
--Dan
--
Daniel Ellis, CTO, PenTeleData
(610)826-9293