We are considering filtering outbound SMTP traffic from our ISP customers, except from our own mail servers, to help reduce the amount of spam originating from our network. How successful/unsuccessful has implementing outbound SMTP filtering done in stopping or slowing down spam from your network?

Also, if outbound SMTP filtering has not worked for you, are there any other things that you have implemented that have helped with spam traffic?

Thanks,

= TC

--
Tom Claydon, IT/ATM Network Engineer
Dobson Telephone Company
http://www.dobsonteleco.com

On Sat, 26 Feb 2005, Claydon, Tom wrote:
> We are considering filtering outbound SMTP traffic from our ISP customers, except from our own mail servers, to help reduce the amount of spam originating from our network. How successful/unsuccessful has implementing outbound SMTP filtering done in stopping or slowing down spam from your network?

If you mean on Dial customers this sort of thing has been very helpful, add (as the previous conversations on this have shown) outbound to the dial user filters permitting source port 25 from your mail complex alone as well.

Quoting "Claydon, Tom" <Tom.Claydon@DobsonTelco.net>:
> We are considering filtering outbound SMTP traffic from our ISP customers, except from our own mail servers, to help reduce the amount of spam originating from our network. How successful/unsuccessful has implementing outbound SMTP filtering done in stopping or slowing down spam from your network?

What about rate limiting SMTP traffic rather than blocking it? That could allow legitimate use for most private customers, while preventing bulk traffic.

Capping the number of messages per customer in the ISP mail server would probably also be a good idea; I hear more and more bulk traffic is being sent through ISP mail servers.

Cheers,
Ketil

> What about rate limiting SMTP traffic rather than blocking it? That could allow legitimate use for most private customers, while preventing bulk traffic.

Comcast has been doing something like that, looking for spikes of SMTP connects and blocking when they see them, done at the IP level. I can't say that I'm overly impressed with how well it's working, but it's better than nothing.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.

How effective is rate limiting - can anyone from Comcast reply to me offlist, I would be very interested in results ...

PR

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of John Levine
Sent: Sunday, February 27, 2005 11:20 AM
To: nanog@nanog.org
Cc: kfroyn@gnr.com
Subject: Re: SMTP Port Blocking: Success or Failure?

> What about rate limiting SMTP traffic rather than blocking it? That could allow legitimate use for most private customers, while preventing bulk traffic.

Comcast has been doing something like that, looking for spikes of SMTP connects and blocking when they see them, done at the IP level. I can't say that I'm overly impressed with how well it's working, but it's better than nothing.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.

Claydon, Tom wrote:
> We are considering filtering outbound SMTP traffic from our ISP customers, except from our own mail servers, to help reduce the amount of spam originating from our network. How successful/unsuccessful has implementing outbound SMTP filtering done in stopping or slowing down spam from your network?
>
> Also, if outbound SMTP filtering has not worked for you, are there any other things that you have implemented that have helped with spam traffic?
>
> Thanks,
>
> = TC
>
> --
> Tom Claydon, IT/ATM Network Engineer
> Dobson Telephone Company
> http://www.dobsonteleco.com

It depends on your customer base. For residential customers, filtering outbound port 25 is considered acceptable. For business customers, not so. In my case, I deal with the latter. It can be problematic, because business computers do become part of some spammer's botnet. That means in a given week I spend a few hours informing clients about infected machines, when I should be working on something more productive.

Conversely, there are problems when clients send out spam through our legacy mail servers, particularly when those connections come through NAT'ed environments. If that NAT'ed network has hundreds of hosts behind it, it can be extremely difficult to get a client's support staff to even work on the problem, because I cannot provide them with the specific details they need to locate the problem machine (and most lack the skill or will to learn to use network analyzers like Ethereal to narrow the field within their network).

Therefore, I've put together a new mail system that only allows SMTP relaying once they've been authenticated. That leads to more issues, particularly with devices like printers or outdated software which cannot properly do SMTP-Auth. But as long as the majority use SMTP-Auth, it becomes a lot easier to trace problems than now.

--
Stephen Fulton          | We can be quick-witted
Systems Administrator   | or very intelligent
Toronto, Canada         | but not both.
http://www.esoteric.ca/ | -- Stephen Hawking.

On Sat, 26 Feb 2005 19:04:26 -0600, Claydon, Tom <Tom.Claydon@dobsontelco.net> wrote:
> We are considering filtering outbound SMTP traffic from our ISP customers, except from our own mail servers, to help reduce the amount of spam originating from our network. How successful/unsuccessful has implementing outbound SMTP filtering done in stopping or slowing down spam from your network?

At Portland State University, we saw a huge reduction in outgoing spam when we blocked port 25, even with liberal exceptions for everyone who said they wanted one. According to SenderBase, the mail volume from our /16 dropped by half (5.3 to 5.0). I don't think there was any significant drop in legitimate email.

There have been a few problems with ISPs that don't accept submission or SMTPS, but the support burden for that is way less than responding to all those spam complaints, and way less than the burden if our campus had been widely blacklisted (and I think we must have been pretty close.)

---David Burns

We put our blocks in place some time ago, mainly on the Cable Modem side. We found our userbase was very prone to becoming zombie agents for spam. We did enhance our static i.p product by allowing statics to have port 25 open, this averted any real business class customers to continue to function.

The benefit was seen pretty quick here. That in combination with some throttles permitting the standard customer only to send 400 emails in an hour has cleaned us up pretty significantly.

Jason

On Sat, Feb 26, 2005 at 07:04:26PM -0600, Claydon, Tom stated
> We are considering filtering outbound SMTP traffic from our ISP customers, except from our own mail servers, to help reduce the amount of spam originating from our network. How successful/unsuccessful has implementing outbound SMTP filtering done in stopping or slowing down spam from your network?
>
> Also, if outbound SMTP filtering has not worked for you, are there any other things that you have implemented that have helped with spam traffic?
>
> Thanks,
>
> = TC
>
> --
> Tom Claydon, IT/ATM Network Engineer
> Dobson Telephone Company
> http://www.dobsonteleco.com
--
------
Jason Nealis
Internet Systems and Services
RCN
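
The per-customer throttle mentioned in the thread (400 messages in an hour), sketched as an added example that is not part of any message above and not any poster's code. It assumes the mail server keys the cap on the SMTP-AUTH identity, so a bursting account is identifiable even behind NAT; the class, function and account names are hypothetical and the traffic is constructed.

```python
from collections import defaultdict, deque

LIMIT = 400     # messages per window, the figure quoted in the thread
WINDOW = 3600   # window length in seconds (one hour)


class OutboundThrottle:
    """Sliding-window cap on accepted messages per authenticated sender."""

    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self.accepted = defaultdict(deque)  # sender -> timestamps of accepted mail
        self.deferred = defaultdict(int)    # sender -> number of refused attempts

    def check(self, sender, now):
        """Return an SMTP reply code: 250 to accept, 451 to defer."""
        stamps = self.accepted[sender]
        # Drop timestamps that have aged out of the window.
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()
        if len(stamps) >= self.limit:
            self.deferred[sender] += 1
            return 451
        stamps.append(now)
        return 250

    def offenders(self, min_deferred=1):
        """Senders that hit the cap, busiest first, for abuse-desk follow-up."""
        hits = [(s, n) for s, n in self.deferred.items() if n >= min_deferred]
        return sorted(hits, key=lambda item: item[1], reverse=True)


def replay(events, throttle=None):
    """Feed (timestamp, sender) pairs through a throttle; return reply codes."""
    throttle = throttle or OutboundThrottle()
    return throttle, [throttle.check(sender, ts) for ts, sender in events]


# Constructed sample traffic: one account bursting 1000 messages in 500 s
# (the zombie pattern) and one account sending 12 messages in an hour.
SAMPLE = sorted(
    [(i * 0.5, "user17@customer-a.example") for i in range(1000)]
    + [(i * 300, "alice@customer-b.example") for i in range(12)]
)

if __name__ == "__main__":
    throttle, codes = replay(SAMPLE)
    print(codes.count(250), "accepted,", codes.count(451), "deferred")
```

Deferring with a transient code lets a legitimate sender's client retry later, while the `offenders()` list names the account to contact.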
participants (8)
- Christopher L. Morrow
- Claydon, Tom
- David Burns
- Jason Nealis
- John Levine
- Ketil Froyn
- Paul Ryan
- Stephen Fulton