RE: SMTP authentication for broadband providers
First, a quick thanks to everyone that responded. I've received useful and excellent info from everyone. We do not block on 25 outbound/inbound, but we are considering it for the residential broadband connections - maybe filter, proxy, or at least monitor it. I should clarify one thing: We are considering REQUIRING SMTPAUTH for all connections from customers for relaying - whether they are on our IP space or not. I know this will only buy us a few months until the next round of viruses steal username/pass, but even then it will give us the ability to detect an infected/SPAMMING customer quicker and auto shut them down (vs having to shutdown the IP, and then the customer receives a new IP...) My question is: Have any or many of the larger ISP's gone the route of REQUIRING all customers to use SMTPAUTH - regardless of where they are connected. Can anyone disclose who these regional or national providers are? Thanks again --Dan -- Daniel Ellis, CTO, PenTeleData (610)826-9293
-----Original Message----- From: Florian Weimer [mailto:fw@deneb.enyo.de] Sent: Thursday, February 12, 2004 2:01 AM To: Dan Ellis Cc: nanog@merit.edu Subject: Re: SMTP authentication for broadband providers
Dan Ellis wrote:
We're a medium sized regional MSO/broadband provider with 200k+ mailboxes, strongly considering enabling SMTP authentication on our customer-facing SMTP mail servers. We feel this is the next logical step to minimize our users UCE/virus impact (we already tarpit, virus scan, UCE scan, subscribe to RBL's, reject prior to SMTP close).
Do you block incoming 25/TCP connections from customers? Some of your hosts are listed on my mass-market IP access blacklist, so you probably don't. 8-)
IMHO, this is one of the next thing to consider if you want to reduce the volume of unwanted email originating from your network. There's an intermediate step: monitoring TCP/25 flows. The initial setup costs are much lower, but the operating costs are higher and the effect is less thorough.
Is anyone aware of any well known mail clients that do not support SMTP authentication (Unix, Windows or Mac)?
qmail (as usual).
Well, over here we have gone that route, and we're a National ISP/NSP. Customers can either A) Run their own mail servers, which makes them responsible for the use (or abuse) of their own mail server, or, B) If they choose to purchase mail services from us, we require authentication (via SMTP_AUTH) to send/relay out. Alexander Kiwerski Senior Network Engineer Winstar-IDT Network Operations & Security Desk: +1 206 574 3121 Mobile: +1 206 571 0274 -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Dan Ellis Sent: Thursday, February 12, 2004 11:31 AM To: nanog@merit.edu Subject: RE: SMTP authentication for broadband providers First, a quick thanks to everyone that responded. I've received useful and excellent info from everyone. We do not block on 25 outbound/inbound, but we are considering it for the residential broadband connections - maybe filter, proxy, or at least monitor it. I should clarify one thing: We are considering REQUIRING SMTPAUTH for all connections from customers for relaying - whether they are on our IP space or not. I know this will only buy us a few months until the next round of viruses steal username/pass, but even then it will give us the ability to detect an infected/SPAMMING customer quicker and auto shut them down (vs having to shutdown the IP, and then the customer receives a new IP...) My question is: Have any or many of the larger ISP's gone the route of REQUIRING all customers to use SMTPAUTH - regardless of where they are connected. Can anyone disclose who these regional or national providers are? Thanks again --Dan -- Daniel Ellis, CTO, PenTeleData (610)826-9293
qmail (as usual).
participants (2)
-
Alexander Kiwerski -
Dan Ellis