North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Time to check the rate limits on your mail servers

  • From: Adi Linden
  • Date: Sat Feb 05 12:23:23 2005

> > You should know all your users email addresses.
> You have got to be kidding.

Not kidding.

I have a mail system that handles mail for the domain. I use
SMTP AUTH as the only means to relay through the server. My expectation
from my customers is that they will utilize this mail service for their
[email protected] communications. This means the mail server has knowledge
of all 'mail from' addresses my users are allowed to use.

Who says that Joe ISP has to provide an open SMTP relay to all customers
on his IP space? Let's face it, it doesn't work! Even with throttling some
SPAM will make it thorough and tha mail server will be black listed and
unable to deliver mail to many destinations in no time. It's only a matter
of time before owned PCs aquire the 'intelligence' to utilize SMTP AUTH to
relay mail.

So to clarify my position, my SMTP server handles mail for my users and
noone else. My users are identified by their email address(es) on my mail
server. Therefore, I can enforce that may mailserver reject relayed mail
that does not have a 'mail from' address that corresponds to one of the
valid email addresses for an authenticated users.

I am addressing the dilemma with the average home user. If you own a bunch
of domains you're in a whole different class. Make arrangement with your
ISP to handle your mail, run your own mail server or buy hosting with
email accounts. Point is, if you own a bunch of domains you're not the
average home user that floods the world with crap without their knowledge.