Hello Darin, Wednesday, December 8, 2004, 10:17:14 AM, you wrote:
DC> Yes, but in the dial world you know who is sending mail through your server, DC> so leave port 25 open for dial users only, and have your non-dial users to DC> send to port 587 via SMTP AUTH. They are not forced to send through any server, they are unfiltered on the net, I can force the ones on my local dial pool, but I have zero control over the wholesale pools, and the abuse reports never reach me, I don't own the IP's. If I don't know they are abusing or compromised, how can I remove them from radius? DC> You should be able to trace dial offenders easily through your logs and DC> freeze their accounts if there's a problem. Since you control the network DC> they're using to access the internet, you can enforce security at the DC> dial-up access level rather than at the SMTP level, which is just as good if DC> not better. If they send through my local dial pool, easily enough, and I do. For the wholesale pools, I control nothing, just radius, and as stated before, if I am never alerted to abuse, I cannot shut them down. DC> For those using other ISPs to connect to your mail servers, that's when you DC> could enforce SMTP AUTH. And I do. DC> For monitoring customers, a simple report showing incoming and outgoing DC> totals, ordered by volume, should show you quickly who potential offenders DC> might be. There's no excuse for us to say we're fighting spam and not DC> police our own networks. A simple report delivered nightly via email could DC> show incoming and outgoing volume for each domain, ordered by decreasing DC> volume. It takes less than a minute to scan the top and make sure there are DC> no potential problems. That's a minute a day we can afford to ensure there DC> are no violations we need to investigate, as well as protecting our mail DC> servers from abuse that could affect all customers. So I guess that, DC> instead of not being able to afford to do it, I would argue that you can't DC> afford _not_ to do it. So you're saying I should put a protocol sniffer at each of my gateways to my four upstream providers to log and analyze all SMTP traffic, generate a report, and mail it to me? Name a hosting provider that is doing this? That is not a trivial task. I can use Cisco Routers to force SMTP traffic through mail proxies and analyze it that way, but they will need to be pretty hefty machines, and I don't know about your boss, but mine will take a lot of convincing to pay for that, especially since there is very little up front cost to responding to abuse reports. DC> Darin. -- Best regards, Charles mailto:[EMAIL PROTECTED] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
