Hi Charles,

When your dial-up users do send through your SMTP server, do they have to authenticate? Or do you use that SMTP only for your dial-up users, with no non-dialup users having access to it? I would suggest one or the other. In either case, you can then easily see from a report on your mail server logs what the incoming and outgoing traffic is.

As far as allowing SMTP traffic to other servers for your dial-up users, you might consider blocking port 25 except to your mail servers as some other ISPs are doing. Since alternate ports, preferably SMTP AUTH, should be available with the alternate mail provider, blocking should not be a huge issue... however, I realize it will take some time to educate and prepare your end-users for the change. It should be extremely inexpensive to throw up some SMTP servers for dial-up users only to relay through.

Darin.

----- Original Message -----
From: "Charles Frolick" <[EMAIL PROTECTED]>
To: "Darin Cox" <[EMAIL PROTECTED]>
Sent: Wednesday, December 08, 2004 12:10 PM
Subject: Re[4]: [IMail Forum] Lycos goes limp

Hello Darin,

Wednesday, December 8, 2004, 10:17:14 AM, you wrote:

DC> Yes, but in the dial world you know who is sending mail through your server,
DC> so leave port 25 open for dial users only, and have your non-dial users to
DC> send to port 587 via SMTP AUTH.

They are not forced to send through any server, they are unfiltered on the net, I can force the ones on my local dial pool, but I have zero control over the wholesale pools, and the abuse reports never reach me, I don't own the IPs. If I don't know they are abusing or compromised, how can I remove them from radius?

DC> You should be able to trace dial offenders easily through your logs and
DC> freeze their accounts if there's a problem. Since you control the network
DC> they're using to access the internet, you can enforce security at the
DC> dial-up access level rather than at the SMTP level, which is just as good if
DC> not better.

If they send through my local dial pool, easily enough, and I do. For the wholesale pools, I control nothing, just radius, and as stated before, if I am never alerted to abuse, I cannot shut them down.

DC> For those using other ISPs to connect to your mail servers, that's when you
DC> could enforce SMTP AUTH.

And I do.

DC> For monitoring customers, a simple report showing incoming and outgoing
DC> totals, ordered by volume, should show you quickly who potential offenders
DC> might be. There's no excuse for us to say we're fighting spam and not
DC> police our own networks. A simple report delivered nightly via email could
DC> show incoming and outgoing volume for each domain, ordered by decreasing
DC> volume. It takes less than a minute to scan the top and make sure there are
DC> no potential problems. That's a minute a day we can afford to ensure there
DC> are no violations we need to investigate, as well as protecting our mail
DC> servers from abuse that could affect all customers. So I guess that,
DC> instead of not being able to afford to do it, I would argue that you can't
DC> afford _not_ to do it.

So you're saying I should put a protocol sniffer at each of my gateways to my four upstream providers to log and analyze all SMTP traffic, generate a report, and mail it to me? Name a hosting provider that is doing this? That is not a trivial task. I can use Cisco Routers to force SMTP traffic through mail proxies and analyze it that way, but they will need to be pretty hefty machines, and I don't know about your boss, but mine will take a lot of convincing to pay for that, especially since there is very little up front cost to responding to abuse reports.

DC> Darin.

--
Best regards,
 Charles mailto:[EMAIL PROTECTED]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
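
Added example, not part of the original thread and not code from either poster: one way to produce the nightly per-domain incoming/outgoing volume report discussed above, in Python. The log format, the sample lines and the function names are constructed for illustration and are not IMail's own.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example, not IMail's own):
#   <date> <time> <IN|OUT> from=<addr> to=<addr> size=<bytes>
LINE_RE = re.compile(
    r"^\S+ \S+ (?P<dir>IN|OUT) from=<(?P<frm>[^>]*)> "
    r"to=<(?P<to>[^>]*)> size=(?P<size>\d+)$"
)

# Constructed sample input: includes null-sender bounces and one damaged line.
SAMPLE_LOG = """\
2004-12-08 01:00:01 OUT from=<news@shop.example> to=<a@remote.example> size=4100
2004-12-08 01:00:02 OUT from=<news@shop.example> to=<b@remote.example> size=4100
2004-12-08 01:05:10 IN from=<x@remote.example> to=<info@shop.example> size=900
2004-12-08 02:11:45 IN from=<> to=<joe@dialup.example> size=1500
2004-12-08 02:12:00 OUT from=<joe@dialup.example> to=<y@remote.example> size=700
2004-12-08 02:30:00 OUT from=<> to=<z@remote.example> size=300
2004-12-08 03:00:00 OUT from=<cut
"""

def domain_of(addr):
    # Lower-cased domain part; "(none)" for the null sender or a bare name.
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else "(none)"

def volume_report(lines):
    # Returns (rows, skipped); rows are (domain, in, out, bytes), busiest first.
    stats = defaultdict(lambda: [0, 0, 0])  # [incoming, outgoing, bytes]
    skipped = 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # report unparseable lines instead of hiding them
            continue
        # Outgoing mail is charged to the sender's domain, incoming to the recipient's.
        outgoing = m["dir"] == "OUT"
        entry = stats[domain_of(m["frm"] if outgoing else m["to"])]
        entry[1 if outgoing else 0] += 1
        entry[2] += int(m["size"])
    rows = [(d, *s) for d, s in stats.items()]
    return sorted(rows, key=lambda r: (-(r[1] + r[2]), r[0])), skipped

if __name__ == "__main__":
    rows, skipped = volume_report(SAMPLE_LOG.splitlines())
    for domain, n_in, n_out, n_bytes in rows:
        print(f"{domain:<20}{n_in:>6}{n_out:>6}{n_bytes:>10}")
    print(f"unparsed lines: {skipped}")
```
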
