Feel free to block port 25. Most if not all mail providers offer email access on webmail and on an alternate smtp port (587) If you have NAT - the problem is that if you have spammers abusing your service (or abusing other services on port 25) providers will end up blocking your NAT gateway IP and then you have a problem. You will want to look at walled gardens or similar to block spamming / infected users. Please see the maawg best practice for walled gardens and port 25 management. On Tue, Sep 4, 2012 at 3:37 PM, Ibrahim <ibrahim1@gmail.com> wrote:
Hi All,
I've read old archive about blocking SMTP port (TCP port 25). In my current situation we are mobile operator and use NAT for our subscribers and we have few spammers, a bit difficult to track it because mostly our subscribers are prepaid services. If we block TCP port 25, there might be "good" subscribers will not be able to send email. We are thinking to block MX queries on our DNS server, so only spammer that use their own SMTP server will got affected. All DNS queries from our subscribers already redirected to our DNS cache servers. But seem Bind don't have feature to block MX query. Any best practice to block MX query?
Regards Ibrahim
-- Suresh Ramasubramanian (ops.lists@gmail.com)