[Mimedefang] Blocking DSL & Cable modem users.
listuser at numbnuts.net
Thu May 22 14:45:01 EDT 2003
On Thu, 22 May 2003, Joseph Brennan wrote:
>
> >> IMHO no ISP should force its
> >> customers to use its own domain for outgoing email. That's just plain
> >> wrong.
> >
> > I'd love to know about such a thing. I agree, that's evil, and a good
> > reason for direct-to-MX.
>
>
> At one time it was considered highly suspicious to want to send
> mail with something other than your username and host in the
> From line. Old timeshare-based email programs did not provide
> a way to do it.
>
> Obviously things change. But it's not totally evil to want to do
> it the old way. It's faster and simpler to determine what account
> was used to send problem mail. I can see that side of it.
True. Quite true. I'd contend though that if that provider maintained
adequate logs, they could quickly determine what IP the traffic came from
and cross reference that with their authentication logs to determine which
user was on that IP at that time. Of course many don't keep adequate
logs. I can think of one Unv in particular that directs all syslog output
on their mail server to a single file. They only keep one rotation of
that file because the file grows to around 300MB in a week's time and it
just takes up too much space. Mind boggling. At a provider I consult for
I keep a year's worth of logs for all daemons except for Apache. Our
maillog itself is around 375MB in a week's time. Gzip is a wonderful
thing...
One thing that I'd like to have a chance to try is to redirect all
outbound SMTP connections from our netblocks that have dynamically
assigned IPs to our MTA. I'd like to force those users to pass their
outbound mail through our MTA rather than making direct-to-MX connections.
For statically assigned users (or maybe just business users on DSL, Cable,
or leased line) I'd allow their SMTP traffic through. This would give us
the ability to log all outbound SMTP traffic from "throw away" accounts
that spammers so frequently use. While we've never had any spamming
problems on our network, there is a known spammer who lives about 30
minutes away, another group about 2.5 hours away, and another group about
3.5 hours away. I just haven't had time to try this or figure out how to
implement this on our Cisco border routers.
Justin
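
The cross-referencing described in the message above (source IP from the mail log matched against authentication sessions to find who held that address at that time), as an added example that is not part of the original post. The log layout, session records, account names and addresses are constructed assumptions.

```python
import re
from datetime import datetime

YEAR = 2003  # classic syslog timestamps carry no year; assumed here

# Constructed maillog lines (sendmail-like layout, not real data).
MAILLOG = """\
May 22 09:15:02 mail sendmail[811]: h4MDF2aa000811: from=<a@example.net>, size=2048, relay=[192.0.2.17]
May 22 13:40:55 mail sendmail[902]: h4MHetbb000902: from=<b@example.net>, size=1999, relay=[192.0.2.17]
May 22 14:05:10 mail sendmail[950]: h4MI5Acc000950: from=<c@example.net>, size=512, relay=[192.0.2.44]
"""

# Constructed sessions: user, assigned IP, start, stop (empty stop = still online).
SESSIONS = """\
alice,192.0.2.17,2003-05-22 08:00:00,2003-05-22 10:30:00
bob,192.0.2.17,2003-05-22 13:00:00,
carol,192.0.2.44,2003-05-22 15:00:00,2003-05-22 16:00:00
"""

LINE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sendmail\[\d+\]: (\w+): from=<[^>]*>.*relay=\[([\d.]+)\]")

def load_sessions(text):
    """Parse 'user,ip,start,stop' rows; an open session runs to datetime.max."""
    fmt = "%Y-%m-%d %H:%M:%S"
    out = []
    for row in text.strip().splitlines():
        user, ip, start, stop = row.split(",")
        out.append((user, ip, datetime.strptime(start, fmt),
                    datetime.strptime(stop, fmt) if stop else datetime.max))
    return out

def user_at(sessions, ip, when):
    """Return the account holding `ip` at `when`, or None if none (or several) match."""
    hits = [u for u, sip, start, stop in sessions if sip == ip and start <= when <= stop]
    return hits[0] if len(hits) == 1 else None  # overlapping sessions give no answer

def attribute(maillog, sessions):
    """Return (queue id, source IP, user or None) for each parsable maillog line."""
    results = []
    for line in maillog.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        results.append((m.group(2), m.group(3), user_at(sessions, m.group(3), when)))
    return results

if __name__ == "__main__":
    for qid, ip, user in attribute(MAILLOG, load_sessions(SESSIONS)):
        print(qid, ip, user or "UNATTRIBUTED (no session covers this time)")
```

The third line comes back unattributed because no session covers that address at that time, which is the gap left when authentication logs are rotated away too early.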