On Wed, Apr 21, 2010 at 10:49:07AM -0300, Claudio Lapidus wrote:
Hello all,
Hello Claudio,
At our ISP operation, we are seeing increasing levels of traffic in our outgoing MTAs, presumably due to spammers abusing some of our subscribers' accounts. In fact, we are seeing connections from IPs outside of our network as many as ten times of that from inside IPs. Probably all of our customers are travelling abroad and sending back a lot of postcards, but just in case... ;-)
I presume you use SMTP-authentication? That way it's easy to see what users are sending a lot of mail (or more than usual).
So we are considering ways to further filter this traffic. We are evaluating implementation of MSA through port 587. However, we never did this and would like to know of others more knowledgeable of their experiences. The question is what best practices and stories do you guys have to share in this regard. Also please let me know if you need additional detail.
We added SSL to our SMTP-service and tell our customers to use SSL (not TLS) with authentication and have the mailserver listen on the TCP-ports which the mailclients pick for that (of which there are a few if I'm not mistaken). We've found having to tell clients port-numbers sounds complicated and technical, but telling people to use encryption sounds like a good service and in most cases it just works (we ask the name of the e-mail client before we give them any settings). Also because port 25 is blocked in a lot of places, when people travel with laptops. The mailservers log the IP address and username from the authentication, that will hopefully allow us to easily play whack-a-mole when confronted with the problem you might be having.
thanks in advance, cl.
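
An added example, not part of either poster's message: one way to use the logged IP address and authenticated username to find accounts that submit mostly from outside the network and from many different addresses. The Postfix-style log format, the inside range 192.0.2.0/24, the thresholds and the function names are all assumptions; the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtpd style (assumed format; the thread
# does not name the MTA). All addresses are documentation ranges.
SAMPLE_LOG = """\
Apr 21 10:01:02 mx1 postfix/smtpd[411]: connect from unknown[198.51.100.7]
Apr 21 10:01:03 mx1 postfix/smtpd[411]: 3F2A1: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=alice
Apr 21 10:01:09 mx1 postfix/smtpd[412]: 3F2A2: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=alice
Apr 21 10:01:15 mx1 postfix/smtpd[413]: 3F2A3: client=unknown[198.51.100.44], sasl_method=LOGIN, sasl_username=alice
Apr 21 10:01:21 mx1 postfix/smtpd[414]: 3F2A4: client=unknown[203.0.113.80], sasl_method=LOGIN, sasl_username=alice
Apr 21 10:02:00 mx1 postfix/smtpd[415]: 3F2A5: client=dsl15[192.0.2.15], sasl_method=PLAIN, sasl_username=bob
Apr 21 10:07:00 mx1 postfix/smtpd[416]: 3F2A6: client=dsl15[192.0.2.15], sasl_method=PLAIN, sasl_username=bob
Apr 21 10:12:00 mx1 postfix/smtpd[417]: 3F2A7: client=dsl15[192.0.2.15], sasl_method=PLAIN, sasl_username=bob
Apr 21 10:20:00 mx1 postfix/smtpd[418]: 3F2A8: client=hotel[203.0.113.5], sasl_method=PLAIN, sasl_username=carol
Apr 21 10:25:00 mx1 postfix/smtpd[419]: 3F2A9: client=hotel[203.0.113.5], sasl_method=PLAIN, sasl_username=carol
"""

INSIDE_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed subscriber range
AUTH_RE = re.compile(r"client=\S*\[(?P<ip>[0-9a-fA-F.:]+)\].*sasl_username=(?P<user>\S+)")

def summarize(log_text, inside_nets=INSIDE_NETS):
    """Per authenticated user: submissions, submissions from outside, source IPs."""
    stats = defaultdict(lambda: {"total": 0, "outside": 0, "ips": set()})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue  # not an authenticated submission line
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address in the log line
        entry = stats[m.group("user")]
        entry["total"] += 1
        entry["ips"].add(ip)
        if not any(ip in net for net in inside_nets):
            entry["outside"] += 1
    return stats

def suspects(stats, min_outside=3, min_ips=3):
    """Accounts with many outside submissions spread over many source IPs."""
    return sorted(user for user, s in stats.items()
                  if s["outside"] >= min_outside and len(s["ips"]) >= min_ips)

if __name__ == "__main__":
    print(suspects(summarize(SAMPLE_LOG)))
```

Requiring both conditions keeps a single travelling customer (one outside address, as with carol in the sample) out of the result.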