On Fri, 30 Oct 1998, Phil Howard wrote:
These are actually two separate issues:
1. Open SMTP relays
2. Dialup ports open to all SMTP servers
While these two issues do interact, and a perfect solution to one of them makes the other much less of an impact, they do both need to be addressed as distinct issues.
Exactly. Attempting to assist responsible netops in closing their open relays addresses issue #1. Send them a respectful, helpful and friendly note. I would like to discuss item #2. See below.
But my question is - Would responsible netops be willing to give me a list of their (non-relaying) SMTP servers?
I'm curious what such a list would be used for. Would you limit access to just those SMTP servers?
Exactly. I would open up port 25 incoming for responsible (not an open relay) SMTP servers. Thus real customers could send their legitimate mail. Block port 25 (only) from all "open modem banks" (TM) to my SMTP servers. If implemented on a large enough scale, the modem user will be 'encouraged' to use the SMTP server supplied with their account. Make each dialup customer go through, and be authenticated by their own SMTP server. Each OMB filter will most likely be a /24 or larger block of IP addresses. The logic is simple. There are more modems than SMTP servers. Block port 25 from the OMBs, open up for corresponding (responsible) SMTP servers. Either an operator directs (by filter) port 25 on his modem banks to his SMTP servers, (preventing OMB), or we do it for him. The intent is a convergence on a suggested Best Practice.
Would that not form a rather long access list?
Perhaps for a router or firewall, but not for a sendmail access.db.
-- *-----------------------------* Phil Howard KA9WGN * --
-- | Inturnet, Inc. | Director of Internet Services | --
-- | Business Internet Solutions | eng at intur.net | --
-- *-----------------------------* philh at intur.net * --
-bryan abuse@capnet.state.tx.us
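
Added example, not part of the original thread: a simplified Python model of the filtering policy discussed above, with dialup blocks rejected and each operator's non-relaying SMTP server allowed, resolved the way a sendmail access database resolves a client address (full IP first, then shorter octet prefixes). All addresses are constructed from documentation ranges, and the default action for unlisted hosts is an assumption.

```python
# Simplified model of access.db lookups by client IP (not sendmail's code).
# Keys are a full IPv4 address or a leading-octet prefix; values are actions.
# All entries below are constructed sample data (RFC 5737 ranges).
ACCESS_DB = {
    "192.0.2": "REJECT",       # a /24 dialup pool ("open modem bank")
    "192.0.2.10": "OK",        # that operator's own non-relaying SMTP server
    "198.51": "REJECT",        # a larger dialup block (/16)
    "198.51.100.25": "OK",     # the SMTP server serving that block
}

DEFAULT_ACTION = "OK"  # assumption: hosts that are not listed are accepted


def lookup(client_ip, db=ACCESS_DB, default=DEFAULT_ACTION):
    """Return (action, matched_key) for a connecting client.

    The full address is tried first, then one trailing octet is dropped per
    step, so the most specific entry wins. That is at most four hashed
    lookups per connection, however many blocks are listed.
    """
    octets = client_ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {client_ip!r}")
    for n in range(4, 0, -1):
        key = ".".join(octets[:n])
        if key in db:
            return db[key], key
    return default, None


if __name__ == "__main__":
    # Mail server inside a blocked pool, a modem in that pool, a modem in
    # the /16, and an unrelated host.
    for ip in ("192.0.2.10", "192.0.2.77", "198.51.7.3", "203.0.113.5"):
        action, key = lookup(ip)
        print(f"{ip:15} -> {action:6} (matched {key})")
```

The host entry overrides the enclosing block entry, which is what lets a single SMTP server stay reachable while the modem pool around it is refused.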