[Modus] OT: Allowing SMTP on an ISP's Network + Nachi (Welchia) worm

[Mike Roberts]

Title: Message

Hi,   We let anyone that can be POSITIVELY identified run an SMTP server.  So if they are from a dynamic netblock they have to use SMTP auth to send email of any kind.  If they are from static IP space they can send without SMTP auth.   Has worked fine for us.  We have had a few spammers quit because of the policy, but that just shows that the policy was doing it's job.   We do not block any ports, period, that's the customer's responsibility.  Those ports are there for a reason and without fail a paying customer would be impacted by closing down the port.  I personally would not use an ISP that did not allow ICMP.  It would make my job EXTREMELY more difficult.   Unless the worm is using all my bandwidth I don't really care who is infected.  When someone that DOES care contacts me then I take steps.   Take care, DataWest Support - Mike ===================================== *DataWest Internet - www.datawest.net *Colorado Springs  - 888-304-5988 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike McTee Sent: Monday, December 15, 2003 14:28 To: [EMAIL PROTECTED] Subject: [Modus] OT: Allowing SMTP on an ISP's Network + Nachi (Welchia) worm This is an Off Topic post.  Due to the possibility of causing grief to some on this list with an Off Topic post’s sometimes excessive amount of responses, please reply to me in private with your policies, thoughts, or responses.  Also, this is really two questions in one e-mail, so it may generate more e-mails than most would want to see on the list anyway. J   1). As an ISP, what is the general consensus of allowing anyone (or everyone) to have the ability to have an SMTP server in operation on their machine while connected to the ISP’s network?   This question arises from time to time because we get complaints from various other people of spam being relayed from one of our IP Addresses and upon verifying who was using that IP Address at the time the relaying occurred, it comes back to dynamically assigned IP Address pools (both dialup and DSL).       2). As an ISP, what has everyone done to guard against bandwidth hogging infected machines (the latest seems to have been the Nachi or Welchia worm outbreak)?   A.      Did everyone choose to disable this by blocking those ports the worm uses (which incidentally blocks the ability to use ping and tracert as testing tools)? B.       Or, is there another way to do this that still lets us test across the network with ping and tracert?       Sincerely, Mike McTee Internet Systems Technician Eastex Net (www.eastex.net)