On Fri, Jun 25, 1999 at 03:01:00PM -0400, Daniel Senie wrote:
Jared Mauch wrote:
This has been my great use for CAR (since icmp, etc.. CAR'ing)..
If you are a dialup provider (or have dial ports), and CAR smtp from those networks down to 8kb/sec across your entire network to your upstreams, etc.. that are not going to your smtp server(s), or people you share dial pools with smtp servers, you can reduce the amount of third party relaying that occurs in your network.
Those who implement this should also advertise this policy, as with any restrictive policy. That way, folks who rely on services you're throttling to death can avoid your networks.
I'm only using this on our dialup pools, not the rest of our network space, so we don't affect any dedicated customers. This obviously means I have to maintain the access-list.
We've had great success with it here, as we had someone (ab)using our online signup by signing up at 3am, dialing in, then sending a few hundreds of thousands of third-party relay spam messages.
What I did:
rate-limit output access-group 163 8000 8000 8000 conform-action set-prec-transmit 7 exceed-action drop
on our upstream links, where acl 163 was a many line acl including all our dialup pools.
permit tcp 10.10.10.0 0.0.0.127 any eq smtp
etc..
You'll find you get matches against the access-list for people using remote servers, but if you get complaints, tell them to use your mail server..
We use this as an alternative (currently) to the per-port filters you can stick into dialup NASes for restricting smtp to a set of a few servers, etc..
Nice denial of service for the rest of your customers. You just need one spammer doing their thing in the middle of the night, and any person with a legitimate reason to be using a remote SMTP server is screwed. Very sweet.
They're not screwed, it'll work, but not fast. If I wanted to deny it, I can build the appropriate ACL for that. I've not heard a single complaint from a customer, and our spam complaints have gone down that our abuse group deals with. It's an alternative to just totally denying remote smtp, and allows us to track the people and shut them off and track them, etc.. so we can hand their info off to people who want to sue for theft of service. - Jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. | "Waste Management Consultant"
participants (1)
-
Jared Mauch