On Wed, Oct 29, 1997 at 09:53:52PM -0600, John A. Tamplin wrote:
This is roughly akin, though, isn't it, John, to the cache pollution problems that make it pretty much a requirement to run 2 separate nameservers: one for recursion and caching, and the other to be authoritative?
Run a separate relay server, with some authentication, for users connecting from outside your AS.
The point is there can be no useful authentication for outgoing email if you don't block it by IP address. However, that is a discussion about blocking spam relay, not about blocking outgoing SMTP. If we install a filter at the router that blocks all traffic from dialup connections to port 25 anywhere else, then it doesn't matter how many servers we run; they can't get to another SMTP server, even if they are supposed to be doing it.
Oh, ok. Sorry. Right. I misread the other gentleman's suggestion.
Hold it. Didn't you just say the opposite above?
He offered an example of a customer that has dialup access to two ISPs, and wants to connect to the SMTP server of the one he isn't currently connected to. Because of the relay blocking that we and all the other ISPs in town implement (and hopefully ISPs elsewhere), the customer can't do that anyway.
Right. Got it.
What I said above is that there are other examples that our customers expect to work, specifically connecting to an SMTP server at work or connecting to a virtual domain hosted at another ISP (in our case it is primarily the vdom user dialup into another ISP and accessing the site here); that is why we can't block all traffic from dialup to port 25 anywhere.
Rog. On deck now.
I think you are confusing the issue of blocking unauthorized relay access to your SMTP server, which is easy to do based on CIDR blocks, with that of preventing dialup customers from relaying through the SMTP servers of others. The difficulty in the latter is finding a way to determine what SMTP servers they are supposed to have access to and then implementing that in a router access list.
Right. Of course, that's a Small Matter of Administration. :-)

Cheers,
-- jra
--
Jay R. Ashworth                 jra@baylink.com
Member of the Technical Staff   Unsolicited Commercial Emailers Sued
The Suncoast Freenet            "Pedantry. It's not just a job, it's an
Tampa Bay, Florida              adventure." -- someone on AFU      +1 813 790 7592
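
The two controls this thread distinguishes, sketched as an added example (not code from the thread or from any poster): a relay check on the ISP's own SMTP server keyed on CIDR blocks, and a router-style egress filter for dialup traffic to port 25 that needs a per-customer exception list. All addresses, domains and names are constructed placeholders, and the exception table assumes each dialup customer can be identified by a fixed address.

```python
import ipaddress

# Constructed sample values (documentation address ranges, not from the thread).
LOCAL_BLOCKS = [ipaddress.ip_network("192.0.2.0/24")]   # the ISP's own CIDR blocks
DIALUP_POOL = ipaddress.ip_network("192.0.2.128/25")    # dialup customers
LOCAL_DOMAINS = {"isp.example", "vdom.example"}         # domains hosted on this server
# Assumed per-customer exceptions: dialup address -> outside SMTP servers
# (work server, virtual domain hosted elsewhere) that customer may reach.
ALLOWED_OUTSIDE_SMTP = {
    ipaddress.ip_address("192.0.2.130"): {ipaddress.ip_address("198.51.100.25")},
}


def relay_decision(client_ip: str, rcpt_domain: str) -> str:
    """Relay check on the ISP's own SMTP server, based on CIDR blocks."""
    client = ipaddress.ip_address(client_ip)
    if any(client in net for net in LOCAL_BLOCKS):
        return "relay"      # own customers may send to any destination
    if rcpt_domain.lower().rstrip(".") in LOCAL_DOMAINS:
        return "deliver"    # outside clients may only reach hosted domains
    return "reject"         # outside client, outside recipient: third-party relay


def egress_permitted(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Router-style filter for dialup connections to port 25 elsewhere."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    if dst_port != 25 or src not in DIALUP_POOL:
        return True         # the filter only covers dialup -> SMTP
    if any(dst in net for net in LOCAL_BLOCKS):
        return True         # the ISP's own mail servers are always reachable
    # The hard part: knowing which outside servers this customer is
    # supposed to use. Without an entry here the connection is dropped.
    return dst in ALLOWED_OUTSIDE_SMTP.get(src, set())
```
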