On Sat, Dec 11, 2004 at 12:34:55 +0100, Andre Oppermann wrote:
> > I'm about to list all the types of IPs I would mark as valid senders
> > - static ip customers (leased lines and adsl with static IPs)
> > - Our mailservers (primary and backup)
> I would mark static IP customers only if they are running their own SMTP
> servers.  Also for them the default policy is no SMTP.  Updating that
> if a customer indeed wants SMTP is a matter of seconds.

I know a good number of "low-cost" DSL customers that run an MTA behind
a NAT - they take it for granted that they are allowed to send, so I
wonder if the bigger players in Switzerland (cc/g/bw/others) will
implement it. I mean we started to block bw dyn-ip customers and they are
wondering why they can't send mail to us... To me it seems that a lot of
providers accept dynamic IPs as valid clients, so you'll have to do a
lot of explanation to customers - and I can well imagine what hassle
that must be for a company having several thousands of customers.

> > That eliminates all the printers, routers, and other gadgets with an ip
> > stack that don't send mail - it boils our /19 down to say 100 hosts. So
> > far so good!
> This is an 80:1 ratio, or 1.2% instead of 100%.
ACK

> > The real problem I see in the long run is, that you can't decide what to
> > do based on the IP. Assume a "big" ISP is enforcing their users to use
> > his MTA - this MTA conforms to any RFC you can think of, it would even
> > have an MTAMARK. Maybe even SPF, but lousily implemented. What do you do
> > if you receive massive junk from there, blocking a major ISP of
> > Switzerland? You end up finding some nice filtering technique (so you
> > read all the crap mails, try to find some pattern, hoping it would not
> > filter any legitimate mails) OR sending abuse@ a nice complaint and hope
> > something changes.
> Well, then nothing has changed vs. today.  No, something has changed,
> you don't get spammed directly through zombies on his huge network.
> But chances are pretty high that this is not happening.  For example
> other ISPs outside of Switzerland don't care and blacklist him anyway
> and that way he is eventually forced to clean up his thing.
Possibly true :)

> MTAMARK is a good thing and solves a large problem set without any side
> effects.
I'll bring it up at our techie-table as soon as this thing is baked and
I see a working postfix policy daemon :)

Regards
Philipp

-- 
     _;\_    Philipp Morger / PHM2-RIPE     System & Network Administrator 
    /_.  \   Dolphins Network Systems AG    Phone +41-1-847'45'45
   |/ -\ .)  Email:                         <[EMAIL PROTECTED]>
 -'^`-   \;  Don't send mail to:            [EMAIL PROTECTED]
                   