Re: Filtering at border routers: Is it possible?

Fri, 22 Mar 2019 12:13:38 -0700 

On 3/22/19 10:59 AM, Bruno Carvalho wrote:

Hello Folks.


Hi,


I've just joined this list, i didn't read all rules yet (just some), so 
bare with me if my question is misplaced.


Welcome.


I own a small datacenter with 4 uplinks. And i received complains that 
some of my clients are using my services for sending spam.


If I were you, I would ask for more details and / or examples of said spam.


I wanted to know if it is possible to setup spamassassin on a VPS or 
someting and have the port 25 redirected to it from border routers.


No, yes, and no you shouldn't.

No, SpamAssassin by itself can't receive SMTP traffic.


Yes, you can set something up to receive the (redirected) SMTP traffic, 
send it through SpamAssassin, and send clean email out to the world.



(IMHO)  No, you should not do this.  -  If I were a (COLO) customer of 
yours and implemented a policy like this, I'd be quite hot under the 
collar and looking to move my services ASAP.  -  Communications between 
you and your customers can help this.



Important note: I don't know what domains are hosted inside my network.



Depending on what your service is, this may be okay, or this may be a 
Bad Thing™.  IMHO it's okay if a COLO doesn't know the domains that are 
hosted by it's customers.  I think it's a Bad Thing™ if they are your 
own servers for your own business and you don't know what domains you host.



What i know is that 98% of the spam sent is using port 25.



I'm somewhat surprised it's not higher.  I say this because by 
standards, MTAs receive email on TCP port 25.  So I'd be surprised if 
there is anything measurable coming in over something other than port 25.



So, if someone knows a way to filter the mail traffic and block outbound 
spam, i will be thankfull.



I question if it's your responsibility to filter the traffic.  Instead, 
I think you should get information about your internal IPs from the 
people reporting the spam and deal with this as a COLO customer that is 
perpetuating abusive activity and deal with it accordingly.



If you really have no idea what IPs are sending SMTP traffic, I would 
highly recommend something like NetFlow so that you can get information 
about the IPs that are sending SMTP traffic in your network.




--
Grant. . . .
unix || die




Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature























					Reply via email to