[Mimedefang] Blocking DSK & Cable modem users.

listuser at numbnuts.net listuser at numbnuts.net
Thu May 22 14:45:01 EDT 2003 

On Thu, 22 May 2003, Joseph Brennan wrote:

> 
> >> IMHO no ISP should force its
> >> customers to use its own domain for outgoing email.  That's just plain
> >> wrong.
> >
> > I'd love to know about such a thing. I agree, that's evil, and a good
> > reason for direct-to-MX.
> 
> 
> At one time it was considered highly suspicious to want to send
> mail with something other than your username and host in the
> >From line.  Old timeshare-based email programs did not provide
> a way to do it.
> 
> Obviously things change.  But it's not totally evil to want to do
> it the old way.  It's faster and simpler to determine what account
> was used to send problem mail.  I can see that side of it.

True.  Quite true.  I'd contend though that if that provider maintained 
adequate logs, they could quickly determine what IP the traffic came from 
and cross reference that with their authentication logs to determine which 
user was on that IP at that time.  Of course many don't keep adequate 
logs.  I can think of one Unv in particular that directs all syslog output 
on their mail server to a single file.  They only keep one rotation of 
that file because the file grows to around 300MB in a week's time and it 
just takes up too much space.  Mind boggling.  At a provider I consult for 
I keep a year's worth of logs for all daemons except for Apache.  Our 
maillog itself is around 375MB in a week's time.  Gzip is a wonderful 
thing...

One thing that I'd like to have a chance to try is to redirect all 
outbound SMTP connections from our netblocks that have dynamically 
assigned IPs to our MTA.  I'd like to force those users to pass their 
outbound mail through our MTA rather than making direct-to-MX connections.  
For staticaly assigned users (or maybe just business users on DSL, Cable, 
or leased line) I'd allow their SMTP traffic through.  This would give us 
the ability to log all outbound SMTP traffic from "throw away" accounts 
that spammers so frequently use.  While we've never had any spamming 
problems on our network, there is a known spammer who lives about 30 
minutes away, another group about 2.5 hours away, and another group about 
3.5 hours away.  I just haven't had time to try this or figure out how to 
implement this on our Cisco border routers.

Justin

More information about the MIMEDefang mailing list