Block port 25 inbound and outbound, and setup a cluster of managed, authenticated, secure, mail relays (both in and out) for your customers. You're never going to get all the proxy ports, but regardless to send spam they have to hit port 25 on the outbound. I don't want to stir up old debates about SMTP filters on the edge, but I do think it's a viable solution if you provide a simple to use alternative for your userbase. (God knows I have had enough problems with sales staff plugging laptops into foreign networks and trying to get back to our mail boxes) --- Michael Damm, MIS Department, Irwin Research & Development V: 509.457.5080 x298 F: 509.577.0301 E: miked@irwinresearch.com -----Original Message----- From: Adi Linden [mailto:adil@adis.on.ca] Sent: Thursday, April 24, 2003 12:11 PM To: nanog@merit.edu Subject: Open relays and open proxies I am seeing an increasing number of hosts on our network become an open proxy. So far the response to this has been reactive, once I receive complaints from spam victims I deal with the source of the problem. Is there an accepted way of blocking open proxy and open relay traffic at the network edge? Adi