On Apr 21, 2010, at 9:57 AM, Dan White wrote:
On 21/04/10 10:49 -0300, Claudio Lapidus wrote:
Hello all,
At our ISP operation, we are seeing increasing levels of traffic in our outgoing MTA's, presumably due to spammers abusing some of our subscribers' accounts. In fact, we are seeing connections from IPs outside of our network as many as ten times of that from inside IPs. Probably all of our customers are travelling abroad and sending back a lot of postcards, but just in case... ;-)
So we are considering ways to further filter this traffic. We are evaluating implementation of MSA through port 587. However, we never did this and would like to know of others more knowledgeable of their experiences. The question is what best practices and stories do you guys have to share in this regard. Also please let me know if you need additional detail.
Depending on what level of pain you want to inflict on your roaming users:
1) Require them to smtp auth to your server when sending mail
SMTP AUTH on port 587, preferably with SSL/TLS.
2) Require them to use the local SMTP of the server they are connected to, and do not allow remote relay at all.
Good way to not have customers.
3) Require them to send mail via a webmail interface when they are not on your local network
I would not think that using port 587 is going to work in many cases, such as from Hotel wireless networks.
Port 587 connectivity has survived almost every public access and hotel access system I've ever tried. Port 25 is often blocked or hijacked.
-- Dan White